We should only be decrypting incoming relay cells until they are "recognized". Currently, we're just attempting to decrypt any incoming relay cells with each backward cipher, and this means any relay cells sent from the non-exit node are garbled and unreadable.
Crypto.util should have some function like "decryptUntilRecognized(cell)" that returns the decrypted cell along with some information about which cell it came from.
We should only be decrypting incoming relay cells until they are "recognized". Currently, we're just attempting to decrypt any incoming relay cells with each backward cipher, and this means any relay cells sent from the non-exit node are garbled and unreadable.
Crypto.util should have some function like "decryptUntilRecognized(cell)" that returns the decrypted cell along with some information about which cell it came from.