fix(core/thp): correct `Failure_InvalidProtocol` constant message by romanz · Pull Request #6549 · trezor/trezor-firmware

romanz · 2026-03-03T12:47:39Z

Otherwise, the host will receive b'\x08\x11' + b'\x00'*18.
The trailing bytes are skipped by trezorlib, since our Python protobuf parser ignores unknown fields:

trezor-firmware/python/src/trezorlib/protobuf.py

Lines 443 to 453 in 53ac49c

    
           if ftag not in msg_type.FIELDS:  # unknown field, skip it 
        
               if wtype == WIRE_TYPE_INT: 
        
                   load_uvarint(reader) 
        
               elif wtype == WIRE_TYPE_LENGTH: 
        
                   ivalue = load_uvarint(reader) 
        
                   if ivalue > MAX_FIELD_SIZE: 
        
                       raise ValueError(f"Unknown field {ftag} too large ({ivalue} bytes)") 
        
                   reader.readinto(bytearray(ivalue)) 
        
               else: 
        
                   raise ValueError 
        
               continue

coderabbitai · 2026-03-03T12:47:46Z

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 53ac49c and 68406c3.

📒 Files selected for processing (2)

core/src/trezor/wire/thp/interface_context.py
tests/device_tests/thp/test_basic.py

🚧 Files skipped from review as they are similar to previous changes (1)

core/src/trezor/wire/thp/interface_context.py

Walkthrough

The PR adjusts the THP codec_v1 error response serialization: the failure payload length/type bytes for an InvalidProtocol Failure are changed from 0x14 to 0x02 in the encoded response. No public API signatures were modified and the handler's control flow (construct buffer, memcpy bytes, write packet) remains the same. Tests were updated to use a local expected Failure instance and to assert encoded output matches exactly, preventing trailing bytes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Description check	❓ Inconclusive	The description explains the problem (trailing bytes sent to host) and the technical context, but lacks structured sections matching the template (no Development status, PR setup sections, or QA notes despite PR being open).	Clarify the PR development status (Draft vs. Final) and add a 'Notes for QA' section if testable, or confirm 'Done (no QA)' if not testable, to complete the template structure.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and specifically describes the main change: correcting the Failure_InvalidProtocol constant message size in the THP codec.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings (stacked PR)
📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch romanz/thp-invalid

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

github-actions · 2026-03-03T12:48:59Z

`en` main(all)

model	device_test	click_test	persistence_test
T2T1	test(all) main(all)	test(all) main(all)	test(all) main(all)
T3B1	test(all) main(all)	test(all) main(all)	test(all) main(all)
T3T1	test(all) main(all)	test(all) main(all)	test(all) main(all)
T3W1	test(all) main(all)	test(all) main(all)	test(all) main(all)

Latest CI run: 22625299399

mmilata · 2026-03-03T13:10:13Z

Seems to parse correctly by trezorlib in main. Does this fix interoperability with some other parser?

romanz · 2026-03-03T13:22:04Z

Yes - @szymonlesisz has found this issue when using a new parser (which didn't skip the trailing zero bytes).

mmilata

LGTM, protoscope seems to agree. Will fix this in rust/trezor-thp.

#6549

[no changelog]

romanz · 2026-03-03T13:33:04Z

Added a check in tests/device_tests/thp/test_basic.py::test_v1:
https://github.com/trezor/trezor-firmware/compare/53ac49c2f79f4bcb1e32c38d1c109032f710c56a..68406c3b4b9e83407db247718576ee8d7f0313f3

romanz self-assigned this Mar 3, 2026

trezor-bot Bot added this to Firmware Mar 3, 2026

romanz requested a review from mmilata March 3, 2026 12:47

github-project-automation Bot moved this to 🔎 Needs review in Firmware Mar 3, 2026

romanz requested a review from matejcik March 3, 2026 12:48

romanz marked this pull request as ready for review March 3, 2026 12:48

romanz requested a review from obrusvit as a code owner March 3, 2026 12:48

romanz requested a review from szymonlesisz March 3, 2026 12:48

mmilata approved these changes Mar 3, 2026

View reviewed changes

mmilata added a commit that referenced this pull request Mar 3, 2026

fixup! feat(rust/trezor-thp): secure channel layer: device side

28c344a

#6549

fix(core/thp): correct Failure_InvalidProtocol constant message

68406c3

[no changelog]

romanz force-pushed the romanz/thp-invalid branch from 53ac49c to 68406c3 Compare March 3, 2026 13:32

romanz merged commit d4b0ca0 into main Mar 3, 2026
104 checks passed

romanz deleted the romanz/thp-invalid branch March 3, 2026 14:49

github-project-automation Bot moved this from 🔎 Needs review to 🤝 Needs QA in Firmware Mar 3, 2026

romanz moved this from 🤝 Needs QA to ✅ Done (no QA) in Firmware Mar 3, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(core/thp): correct `Failure_InvalidProtocol` constant message#6549

fix(core/thp): correct `Failure_InvalidProtocol` constant message#6549
romanz merged 1 commit into
mainfrom
romanz/thp-invalid

romanz commented Mar 3, 2026

Uh oh!

coderabbitai Bot commented Mar 3, 2026 •

edited

Loading

❌ Failed checks (1 warning, 1 inconclusive)

Uh oh!

github-actions Bot commented Mar 3, 2026 •

edited

Loading

Uh oh!

mmilata commented Mar 3, 2026

Uh oh!

romanz commented Mar 3, 2026

Uh oh!

mmilata left a comment

Uh oh!

romanz commented Mar 3, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

	if ftag not in msg_type.FIELDS: # unknown field, skip it
	if wtype == WIRE_TYPE_INT:
	load_uvarint(reader)
	elif wtype == WIRE_TYPE_LENGTH:
	ivalue = load_uvarint(reader)
	if ivalue > MAX_FIELD_SIZE:
	raise ValueError(f"Unknown field {ftag} too large ({ivalue} bytes)")
	reader.readinto(bytearray(ivalue))
	else:
	raise ValueError
	continue

Uh oh!

Conversation

romanz commented Mar 3, 2026

Uh oh!

coderabbitai Bot commented Mar 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Estimated code review effort

❌ Failed checks (1 warning, 1 inconclusive)

Uh oh!

github-actions Bot commented Mar 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

en main(all)

Uh oh!

mmilata commented Mar 3, 2026

Uh oh!

romanz commented Mar 3, 2026

Uh oh!

mmilata left a comment

Choose a reason for hiding this comment

Uh oh!

romanz commented Mar 3, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

coderabbitai Bot commented Mar 3, 2026 •

edited

Loading

github-actions Bot commented Mar 3, 2026 •

edited

Loading

`en` main(all)