tor-proto: verify_link_auth_cert() rejects valid LINK_AUTH signatures (inverted is_valid check)
In `verify_link_auth_cert()` at `crates/tor-proto/src/channel/handshake.rs:772-777`: ```rust if cert_sig.is_valid() { return Err(Error::HandshakeProto( "Invalid ed25519 LINK_AUTH signature in handshake".into(), )); } ``` This rejects when the `LINK_AUTH` certificate signature verifies successfully. The other certificate checks in the same file use the opposite pattern and reject on `!is_valid()` : * `crates/tor-proto/src/channel/handshake.rs:377-381` * `crates/tor-proto/src/channel/handshake.rs:725-729` `ValidatableSignature::is_valid()` is unambigious here: the Ed25519 impl returns `verify(...).is_ok()` : * `crates/tor-llcrypto/src/pk/ed25519.rs:491-496` so this condition appears inverted; it should be: ```rust if !cert_sig.is_valid() { ... } ``` `verify_link_auth_cert()` is only used from the relay responder auth path: * `crates/tor-proto/src/relay/channel/responder.rs:201-207` The result is that a valid CertType 6 `LINK_AUTH` certificate is rejected at this check while an invalid but otherwise parseable/timely `LINK_AUTH` certificate can pass this validation step. I did not find direct tests covering `verify_link_auth_cert()` or the `UnverifiedResponderRelayChannel::verify()` path.
issue