tor-proto: verify_link_auth_cert() rejects valid LINK_AUTH signatures (inverted is_valid check)
In `verify_link_auth_cert()` at `crates/tor-proto/src/channel/handshake.rs:772-777`:
```rust
if cert_sig.is_valid() {
return Err(Error::HandshakeProto(
"Invalid ed25519 LINK_AUTH signature in handshake".into(),
));
}
```
This rejects when the `LINK_AUTH` certificate signature verifies successfully. The other certificate checks in the same file use the opposite pattern and reject on `!is_valid()` :
* `crates/tor-proto/src/channel/handshake.rs:377-381`
* `crates/tor-proto/src/channel/handshake.rs:725-729`
`ValidatableSignature::is_valid()` is unambigious here: the Ed25519 impl returns `verify(...).is_ok()` :
* `crates/tor-llcrypto/src/pk/ed25519.rs:491-496`
so this condition appears inverted; it should be:
```rust
if !cert_sig.is_valid() { ... }
```
`verify_link_auth_cert()` is only used from the relay responder auth path:
* `crates/tor-proto/src/relay/channel/responder.rs:201-207`
The result is that a valid CertType 6 `LINK_AUTH` certificate is rejected at this check while an invalid but otherwise parseable/timely `LINK_AUTH` certificate can pass this validation step.
I did not find direct tests covering `verify_link_auth_cert()` or the `UnverifiedResponderRelayChannel::verify()` path.
issue