Diffstat (limited to 'chromium/device/fido/pin.cc')
-rw-r--r-- | chromium/device/fido/pin.cc | 50 |
1 files changed, 48 insertions, 2 deletions
diff --git a/chromium/device/fido/pin.cc b/chromium/device/fido/pin.cc
index 6480e111017..ee93c4135ec 100644
--- a/chromium/device/fido/pin.cc
+++ b/chromium/device/fido/pin.cc
@@ -508,19 +508,65 @@ AsCTAPRequestValuePair(const PinTokenRequest& request) { }); } -UvTokenRequest::UvTokenRequest(const KeyAgreementResponse& peer_key) - : TokenRequest(peer_key) {} +PinTokenWithPermissionsRequest::PinTokenWithPermissionsRequest( + const std::string& pin, + const KeyAgreementResponse& peer_key, + const uint8_t permissions, + const base::Optional<std::string> rp_id) + : PinTokenRequest(pin, peer_key), + permissions_(permissions), + rp_id_(rp_id) {} + +// static +std::pair<CtapRequestCommand, base::Optional<cbor::Value>> +AsCTAPRequestValuePair(const PinTokenWithPermissionsRequest& request) { + uint8_t encrypted_pin[sizeof(request.pin_hash_)]; + Encrypt(request.shared_key_.data(), request.pin_hash_, encrypted_pin); + + return EncodePINCommand( + Subcommand::kGetPinUvAuthTokenUsingPinWithPermissions, + [&request, encrypted_pin](cbor::Value::MapValue* map) { + map->emplace(static_cast<int>(RequestKey::kKeyAgreement), + std::move(request.cose_key_)); + map->emplace( + static_cast<int>(RequestKey::kPINHashEnc), + base::span<const uint8_t>(encrypted_pin, sizeof(encrypted_pin))); + map->emplace(static_cast<int>(RequestKey::kPermissions), + std::move(request.permissions_)); + if (request.rp_id_) { + map->emplace(static_cast<int>(RequestKey::kPermissionsRPID), + *request.rp_id_); + } + }); +} + +PinTokenWithPermissionsRequest::~PinTokenWithPermissionsRequest() = default; + +PinTokenWithPermissionsRequest::PinTokenWithPermissionsRequest( + PinTokenWithPermissionsRequest&& other) = default; + +UvTokenRequest::UvTokenRequest(const KeyAgreementResponse& peer_key, + base::Optional<std::string> rp_id) + : TokenRequest(peer_key), rp_id_(rp_id) {} UvTokenRequest::~UvTokenRequest() = default; UvTokenRequest::UvTokenRequest(UvTokenRequest&& other) = default; +// static std::pair<CtapRequestCommand, base::Optional<cbor::Value>> AsCTAPRequestValuePair(const UvTokenRequest& request) { return EncodePINCommand( Subcommand::kGetUvToken, [&request](cbor::Value::MapValue* 
map) { map->emplace(static_cast<int>(RequestKey::kKeyAgreement), std::move(request.cose_key_)); + map->emplace(static_cast<int>(RequestKey::kPermissions), + static_cast<uint8_t>(Permissions::kMakeCredential) | + static_cast<uint8_t>(Permissions::kGetAssertion)); + if (request.rp_id_) { + map->emplace(static_cast<int>(RequestKey::kPermissionsRPID), + *request.rp_id_); + } }); } |
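Review bot: In the `UvTokenRequest` encoder the permissions are fixed to `kMakeCredential | kGetAssertion`, yet `kPermissionsRPID` is written only when `rp_id_` is set, so a caller that passes an empty `rp_id` requests a token for both operations with no RP scoping in the request. `PinTokenWithPermissionsRequest` has the same optional `rp_id` and also forwards `permissions` without any check. If no caller is meant to omit the RP ID for these permissions, assert that at construction, for example `DCHECK(rp_id_);` in the `UvTokenRequest` constructor and `DCHECK(permissions_ != 0);` in the PIN one; otherwise add a comment saying when an unscoped token is acceptable. Taking `permissions` as a constructor argument on the UV request, as the PIN request does, would let each caller ask only for the operation it performs. Separately, `std::move(request.cose_key_)` and `std::move(request.permissions_)` are applied through a `const` reference and therefore copy, so plain member access would describe what happens more accurately.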