From f26ecfffcafcf41fe2fa070cbf4aef78cae660af Mon Sep 17 00:00:00 2001
From: Noa Resare
Date: Wed, 3 Jun 2015 09:54:39 +0200
Subject: [PATCH 1/2] TspiPolicy.set_secret: clarify param types, accept string secrets

---
 pytss/__init__.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/pytss/__init__.py b/pytss/__init__.py
index b40beab..443c9ab 100644
--- a/pytss/__init__.py
+++ b/pytss/__init__.py
@@ -138,10 +138,14 @@ def set_secret(self, sectype, secret):
 """
 Set the authorisation data of a policy object
 
- :param sectype: The type of the secret
- :param secret: The secret data blob
+ :param sectype: The type of the secret, any of the constants
+ prefixed TSS_SECRET_MODE_ in tspi_defines
+ :param secret: The secret data blob as either a string or
+ array of integers in the range 0..255
 """
 csecret = ffi.new('BYTE[]', len(secret))
+ if isinstance(secret, basestring):
+ secret = bytearray(secret)
 for i in range(len(secret)):
 csecret[i] = secret[i]
 tss_lib.Tspi_Policy_SetSecret(self.handle[0], sectype, len(secret), csecret)

From 8691b82bea9e3ffef8595886bdc198f7157a78f8 Mon Sep 17 00:00:00 2001
From: Noa Resare
Date: Wed, 3 Jun 2015 11:15:59 +0200
Subject: [PATCH 2/2] Unbroke TspiHash.update(). Introduced TspiHash.sign()

* Made the methods accepting data that turns into BYTE[] accept a python string as well as a python bytearray
* Fixed some typos in TspiHash
---
 pytss/__init__.py | 49 +++++++++++++++++++++++++++++--------------
 pytss/tspi_defines.py | 3 +++
 2 files changed, 36 insertions(+), 16 deletions(-)

diff --git a/pytss/__init__.py b/pytss/__init__.py
index 443c9ab..eb75f22 100644
--- a/pytss/__init__.py
+++ b/pytss/__init__.py
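Review bot: In patch 1/2's set_secret hunk, `isinstance(secret, basestring)` also matches `unicode`, and on Python 2 `bytearray(secret)` raises TypeError for a unicode argument without an encoding, so the docstring's "a string" promises more than the code accepts. Because the authorisation value depends on the exact bytes, the encoding should stay the caller's explicit choice rather than be picked implicitly here. I would narrow the docstring to `:param secret: The secret data blob as a byte string (str) or array of integers in the range 0..255; encode unicode text before calling`. The same check is carried into `_c_byte_array` in patch 2/2, so the wording applies to that helper's docstring as well.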
@@ -143,12 +143,8 @@ def set_secret(self, sectype, secret):
 :param secret: The secret data blob as either a string or
 array of integers in the range 0..255
 """
- csecret = ffi.new('BYTE[]', len(secret))
- if isinstance(secret, basestring):
- secret = bytearray(secret)
- for i in range(len(secret)):
- csecret[i] = secret[i]
- tss_lib.Tspi_Policy_SetSecret(self.handle[0], sectype, len(secret), csecret)
+ tss_lib.Tspi_Policy_SetSecret(self.handle[0], sectype, len(secret),
+ _c_byte_array(secret))
 
 def assign(self, target):
 """
@@ -189,7 +185,6 @@ def get_pcrs(self):
 tss_lib.Tspi_Context_FreeMemory(self.context, buf[0])
 return self.pcrs
 
-
 class TspiHash(TspiObject):
 def __init__(self, context, flags):
 super(TspiHash, self).__init__(context, 'TSS_HHASH *',
@@ -201,10 +196,8 @@ def update(self, data):
 
 :param data: The data to hash
 """
- cdata = ffi.new('BYTE []', len(data))
- for i in range(len(data)):
- cdata[i] = data[i]
- tss_lib.TspiHash_UpdateHashValue(self.get_handle(), len(data), cdata)
+ tss_lib.Tspi_Hash_UpdateHashValue(self.get_handle(), len(data),
+ _c_byte_array(data))
 
 def verify(self, key, signature):
 """
@@ -213,11 +206,20 @@ def verify(self, key, signature):
 :param key: A TspiObject representing the key to use
 :param signature: The signature to compare against
 """
- cquote = ffi.new('BYTE []', len(quote))
- for i in range(len(quote)):
- cquote[i] = quote[i]
- tss_lib.TspiHash_VerifySignature(self.get_handle(), key.get_handle(),
- len(quote), cquote)
+ tss_lib.Tspi_Hash_VerifySignature(self.get_handle(), key.get_handle(),
+ len(signature), _c_byte_array(signature))
+
+ def sign(self, key):
+ """
+ Sign this hash with the specified key and return a signature
+
+ :param key: a TspiKey instance corresponding to a loaded key
+ :return: a string of bytes containing the signature
+ """
+ csig_size = ffi.new("UINT32*")
+ csig_data = ffi.new("BYTE**")
+ tss_lib.Tspi_Hash_Sign(self.get_handle(), key.get_handle(), csig_size, csig_data)
+ return ffi.buffer(csig_data[0], csig_size[0])
 
 
 class TspiKey(TspiObject):
@@ -580,3 +582,18 @@ def load_key_by_blob(self, srk, blob):
 def get_tpm_object(self):
 """Returns the TspiTPM associated with this context"""
 return self.tpm
+
+
+def _c_byte_array(data):
+ """
+ Creates and returns a ffi BYTE[] type containing data.
+ :param data: a string of bytes or array of integers in range 0x00..0xff
+ :return: ffi cdata instance backed by a c BYTE[] structure containing
+ the contents of data
+ """
+ cdata = ffi.new('BYTE []', len(data))
+ if isinstance(data, basestring):
+ data = bytearray(data)
+ for i in range(len(data)):
+ cdata[i] = data[i]
+ return cdata
diff --git a/pytss/tspi_defines.py b/pytss/tspi_defines.py
index 89b5496..6e87d23 100644
--- a/pytss/tspi_defines.py
+++ b/pytss/tspi_defines.py
@@ -269,3 +269,6 @@
 TSS_PCRS_STRUCT_INFO_SHORT = tss_lib.TSS_PCRS_STRUCT_INFO_SHORT
 TSS_PCRS_DIRECTION_CREATION = tss_lib.TSS_PCRS_DIRECTION_CREATION
 TSS_PCRS_DIRECTION_RELEASE = tss_lib.TSS_PCRS_DIRECTION_RELEASE
+
+TSS_HASH_SHA1 = tss_lib.TSS_HASH_SHA1
+TSS_HASH_OTHER = tss_lib.TSS_HASH_OTHER
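Review bot: In pytss/__init__.py, the new `sign()` returns `ffi.buffer(csig_data[0], csig_size[0])`, which is a view onto the memory Tspi_Hash_Sign handed back rather than the "string of bytes" the docstring promises, and nothing in the method releases that allocation. get_pcrs in the same file calls `tss_lib.Tspi_Context_FreeMemory(self.context, buf[0])` before returning; sign() should copy and free the same way: `sig = ffi.buffer(csig_data[0], csig_size[0])[:]`, then `tss_lib.Tspi_Context_FreeMemory(self.context, csig_data[0])`, then `return sig`. That assumes TspiHash keeps `self.context` as the get_pcrs class does. As written, the caller holds a pointer whose lifetime is tied to the TSS context, and it can still be read after that context is closed. Separately, `verify()` returns nothing, so unless the tss_lib wrapper raises on a non-success result (not visible in this hunk), a failed verification looks the same as a successful one to the caller.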