Routing relay cells
Circuit ID Checks
When a node wants to send a RELAY or RELAY_EARLY cell, it checks the cell's circID and determines whether the corresponding circuit along that connection is still open. If not, the node drops the cell.
When a node receives a RELAY or RELAY_EARLY cell, it checks the cell's circID and determines whether it has a corresponding circuit along that connection. If not, the node drops the cell.
Here and elsewhere, we refer to RELAY and RELAY_EARLY cells collectively as "relay cells".
Forward Direction
The forward direction is the direction that CREATE/CREATE2 cells are sent.
Routing from the Origin
When a relay cell is sent from an OP, the OP encrypts the cell's body with the stream cipher as follows:
    OP sends relay cell:
       For I=N...1, where N is the destination node:
          Encrypt with Kf_I.
       Transmit the encrypted cell to node 1.
Relaying Forward at Onion Routers
When a forward relay cell is received by an OR, it decrypts the cell's body with the stream cipher, as follows:
    'Forward' relay cell:
       Use Kf as key; decrypt.
The OR then decides whether it recognizes the relay cell, by inspecting the cell as described in Relay cells. If the OR recognizes the cell, it processes the contents of the relay cell. Otherwise, it passes the decrypted relay cell along the circuit if the circuit continues. If the OR at the end of the circuit encounters an unrecognized relay cell, an error has occurred: the OR sends a DESTROY cell to tear down the circuit.
For more information, see Application connections and stream management.
Backward Direction
The backward direction is the opposite direction from CREATE/CREATE2 cells.
Relaying Backward at Onion Routers
When a backward relay cell is received by an OR, it encrypts the cell's body with the stream cipher, as follows:
    'Backward' relay cell:
       Use Kb as key; encrypt.
Routing to the Origin
When a relay cell arrives at an OP, the OP decrypts the cell's body with the stream cipher as follows:
    OP receives relay cell from node 1:
       For I=1...N, where N is the final node on the circuit:
          Decrypt with Kb_I.
          If the cell is recognized (see [1]), then:
             The sending node is I.
             Stop and process the cell.
[1]: "Relay cells"
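The forward and backward procedures above, modelled end to end as an added example (not part of the specification or of any Tor implementation). Assumptions: a SHA-256 counter keystream stands in for the stream cipher, the "recognized" test is a simplified stand-in for the check described in "Relay cells", and the key labels and all function names are constructed for illustration.

```python
import hashlib

class Stream:
    """Stateful keystream. SHA-256 in counter mode stands in for the real stream cipher."""
    def __init__(self, key):
        self.key, self.ctr, self.buf = key, 0, b""
    def xor(self, data):
        while len(self.buf) < len(data):
            self.buf += hashlib.sha256(self.key + self.ctr.to_bytes(8, "big")).digest()
            self.ctr += 1
        ks, self.buf = self.buf[:len(data)], self.buf[len(data):]
        return bytes(a ^ b for a, b in zip(data, ks))

def keys(label, n):
    # Constructed per-hop keys; the OP and the ORs each hold their own cipher state.
    return [Stream(f"{label}_{i}".encode()) for i in range(1, n + 1)]

def make_body(data):
    # Simplified stand-in layout: 2 zero bytes, 4-byte digest, data.
    return b"\x00\x00" + hashlib.sha256(data).digest()[:4] + data

def recognized(body):
    return body[:2] == b"\x00\x00" and body[2:6] == hashlib.sha256(body[6:]).digest()[:4]

def op_send(op_kf, dest, body):
    for i in range(dest, 0, -1):             # For I=N...1: encrypt with Kf_I
        body = op_kf[i - 1].xor(body)
    return body                              # transmitted to node 1

def relay_forward(or_kf, cell):
    for i, kf in enumerate(or_kf, start=1):  # each OR removes its own layer
        cell = kf.xor(cell)
        if recognized(cell):
            return i, cell[6:]               # OR i processes the contents
    return None                              # unrecognized at the last OR: DESTROY

def relay_backward(or_kb, src, body):
    for i in range(src, 0, -1):              # node src, then each OR toward the OP, adds Kb_I
        body = or_kb[i - 1].xor(body)
    return body

def op_receive(op_kb, cell):
    for i, kb in enumerate(op_kb, start=1):  # For I=1...N: decrypt with Kb_I
        cell = kb.xor(cell)
        if recognized(cell):
            return i, cell[6:]               # the sending node is I
    return None
```

Because each key's cipher state advances only when that layer is applied, a cell addressed to node 2 leaves node 3's state untouched on both sides, so later cells to node 3 still decrypt correctly.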