inductive Crypto.JOSE.JWSAlgorithm : Type

JWS signing algorithms (RFC 7518 §3.1). $$\text{JWSAlgorithm} \in \{\text{HS256}, \text{RS256}, \text{ES256}, \ldots\}$$

• HS256 : JWSAlgorithm
• HS384 : JWSAlgorithm
• HS512 : JWSAlgorithm
• RS256 : JWSAlgorithm
• RS384 : JWSAlgorithm
• RS512 : JWSAlgorithm
• ES256 : JWSAlgorithm
• ES384 : JWSAlgorithm
• ES512 : JWSAlgorithm
• PS256 : JWSAlgorithm
• PS384 : JWSAlgorithm
• PS512 : JWSAlgorithm
• EdDSA : JWSAlgorithm

@[implicit_reducible]

instance Crypto.JOSE.instBEqJWSAlgorithm : BEq JWSAlgorithm

Equations

• Crypto.JOSE.instBEqJWSAlgorithm = { beq := Crypto.JOSE.instBEqJWSAlgorithm.beq }

def Crypto.JOSE.instBEqJWSAlgorithm.beq : JWSAlgorithm → JWSAlgorithm → Bool

Equations

• Crypto.JOSE.instBEqJWSAlgorithm.beq x✝ y✝ = (x✝.ctorIdx == y✝.ctorIdx)

@[implicit_reducible]

instance Crypto.JOSE.instReprJWSAlgorithm : Repr JWSAlgorithm

Equations

• Crypto.JOSE.instReprJWSAlgorithm = { reprPrec := Crypto.JOSE.instReprJWSAlgorithm.repr }

def Crypto.JOSE.instReprJWSAlgorithm.repr : JWSAlgorithm → Nat → Std.Format

Equations

• One or more equations did not get rendered due to their size.

def Crypto.JOSE.instInhabitedJWSAlgorithm.default : JWSAlgorithm

Equations

• Crypto.JOSE.instInhabitedJWSAlgorithm.default = Crypto.JOSE.JWSAlgorithm.HS256

@[implicit_reducible]

instance Crypto.JOSE.instInhabitedJWSAlgorithm : Inhabited JWSAlgorithm

Equations

• Crypto.JOSE.instInhabitedJWSAlgorithm = { default := Crypto.JOSE.instInhabitedJWSAlgorithm.default }

def Crypto.JOSE.JWSAlgorithm.fromString : String → Option JWSAlgorithm

Convert algorithm name to JWSAlgorithm.

Equations

• Crypto.JOSE.JWSAlgorithm.fromString "HS256" = some Crypto.JOSE.JWSAlgorithm.HS256
• Crypto.JOSE.JWSAlgorithm.fromString "HS384" = some Crypto.JOSE.JWSAlgorithm.HS384
• Crypto.JOSE.JWSAlgorithm.fromString "HS512" = some Crypto.JOSE.JWSAlgorithm.HS512
• Crypto.JOSE.JWSAlgorithm.fromString "RS256" = some Crypto.JOSE.JWSAlgorithm.RS256
• Crypto.JOSE.JWSAlgorithm.fromString "RS384" = some Crypto.JOSE.JWSAlgorithm.RS384
• Crypto.JOSE.JWSAlgorithm.fromString "RS512" = some Crypto.JOSE.JWSAlgorithm.RS512
• Crypto.JOSE.JWSAlgorithm.fromString "ES256" = some Crypto.JOSE.JWSAlgorithm.ES256
• Crypto.JOSE.JWSAlgorithm.fromString "ES384" = some Crypto.JOSE.JWSAlgorithm.ES384
• Crypto.JOSE.JWSAlgorithm.fromString "ES512" = some Crypto.JOSE.JWSAlgorithm.ES512
• Crypto.JOSE.JWSAlgorithm.fromString "PS256" = some Crypto.JOSE.JWSAlgorithm.PS256
• Crypto.JOSE.JWSAlgorithm.fromString "PS384" = some Crypto.JOSE.JWSAlgorithm.PS384
• Crypto.JOSE.JWSAlgorithm.fromString "PS512" = some Crypto.JOSE.JWSAlgorithm.PS512
• Crypto.JOSE.JWSAlgorithm.fromString "EdDSA" = some Crypto.JOSE.JWSAlgorithm.EdDSA
• Crypto.JOSE.JWSAlgorithm.fromString x✝ = none

@[implicit_reducible]

instance Crypto.JOSE.instToStringJWSAlgorithm : ToString JWSAlgorithm

Equations

• One or more equations did not get rendered due to their size.

def Crypto.JOSE.JWSAlgorithm.isSymmetric : JWSAlgorithm → Bool

Is this an HMAC (symmetric) algorithm?

Equations

• Crypto.JOSE.JWSAlgorithm.HS256.isSymmetric = true
• Crypto.JOSE.JWSAlgorithm.HS384.isSymmetric = true
• Crypto.JOSE.JWSAlgorithm.HS512.isSymmetric = true
• x✝.isSymmetric = false

theorem Crypto.JOSE.JWSAlgorithm.fromString_toString_roundtrip (a : JWSAlgorithm) : fromString (toString a) = some a

Roundtrip: fromString (toString a) = some a for all algorithms.

theorem Crypto.JOSE.JWSAlgorithm.isSymmetric_iff (a : JWSAlgorithm) : a.isSymmetric = true ↔ a = HS256 ∨ a = HS384 ∨ a = HS512

isSymmetric returns true if and only if the algorithm is HS256, HS384, or HS512.

inductive Crypto.JOSE.ECCurve : Type

Elliptic curves for EC keys (RFC 7518 §6.2.1.1).

• P256 : ECCurve
• P384 : ECCurve
• P521 : ECCurve

def Crypto.JOSE.instBEqECCurve.beq : ECCurve → ECCurve → Bool

Equations

• Crypto.JOSE.instBEqECCurve.beq x✝ y✝ = (x✝.ctorIdx == y✝.ctorIdx)

@[implicit_reducible]

instance Crypto.JOSE.instBEqECCurve : BEq ECCurve

Equations

• Crypto.JOSE.instBEqECCurve = { beq := Crypto.JOSE.instBEqECCurve.beq }

def Crypto.JOSE.instReprECCurve.repr : ECCurve → Nat → Std.Format

Equations

• Crypto.JOSE.instReprECCurve.repr Crypto.JOSE.ECCurve.P256 prec✝ = Repr.addAppParen (Std.Format.nest (if prec✝ ≥ 1024 then 1 else 2) (Std.Format.text "Crypto.JOSE.ECCurve.P256")).group prec✝
• Crypto.JOSE.instReprECCurve.repr Crypto.JOSE.ECCurve.P384 prec✝ = Repr.addAppParen (Std.Format.nest (if prec✝ ≥ 1024 then 1 else 2) (Std.Format.text "Crypto.JOSE.ECCurve.P384")).group prec✝
• Crypto.JOSE.instReprECCurve.repr Crypto.JOSE.ECCurve.P521 prec✝ = Repr.addAppParen (Std.Format.nest (if prec✝ ≥ 1024 then 1 else 2) (Std.Format.text "Crypto.JOSE.ECCurve.P521")).group prec✝

@[implicit_reducible]

instance Crypto.JOSE.instReprECCurve : Repr ECCurve

Equations

• Crypto.JOSE.instReprECCurve = { reprPrec := Crypto.JOSE.instReprECCurve.repr }

@[implicit_reducible]

instance Crypto.JOSE.instInhabitedECCurve : Inhabited ECCurve

Equations

• Crypto.JOSE.instInhabitedECCurve = { default := Crypto.JOSE.instInhabitedECCurve.default }

def Crypto.JOSE.instInhabitedECCurve.default : ECCurve

Equations

• Crypto.JOSE.instInhabitedECCurve.default = Crypto.JOSE.ECCurve.P256

def Crypto.JOSE.ECCurve.fromString : String → Option ECCurve

Equations

• Crypto.JOSE.ECCurve.fromString "P-256" = some Crypto.JOSE.ECCurve.P256
• Crypto.JOSE.ECCurve.fromString "P-384" = some Crypto.JOSE.ECCurve.P384
• Crypto.JOSE.ECCurve.fromString "P-521" = some Crypto.JOSE.ECCurve.P521
• Crypto.JOSE.ECCurve.fromString x✝ = none

@[implicit_reducible]

instance Crypto.JOSE.instToStringECCurve : ToString ECCurve

Equations

• One or more equations did not get rendered due to their size.

theorem Crypto.JOSE.ECCurve.fromString_toString_roundtrip (c : ECCurve) : fromString (toString c) = some c

Roundtrip: fromString (toString c) = some c for all EC curves.

@[implicit_reducible]

instance Crypto.JOSE.instReprByteArray_hale : Repr ByteArray

Repr instance for ByteArray (not provided by Lean 4.30+ stdlib).

Equations

• Crypto.JOSE.instReprByteArray_hale = { reprPrec := fun (ba : ByteArray) (x : Nat) => Std.Format.text (toString "ByteArray.mk " ++ toString ba.data.toList) }

inductive Crypto.JOSE.JWKKeyMaterial : Type

Key material for a JSON Web Key (RFC 7517). $$\text{JWKKeyMaterial} = \text{RSA}\ n\ e\ |\ \text{EC}\ \text{crv}\ x\ y\ |\ \text{Oct}\ k$$

• rsa (n e : ByteArray) (d : Option ByteArray) : JWKKeyMaterial

  RSA public key: modulus n, exponent e, optional private exponent d.

• ec (crv : ECCurve) (x y : ByteArray) (d : Option ByteArray) : JWKKeyMaterial

  EC public key: curve, x-coordinate, y-coordinate, optional private key d.

• oct (k : ByteArray) : JWKKeyMaterial

  Symmetric (octet) key.

def Crypto.JOSE.instReprJWKKeyMaterial.repr : JWKKeyMaterial → Nat → Std.Format

Equations

• One or more equations did not get rendered due to their size.

@[implicit_reducible]

instance Crypto.JOSE.instReprJWKKeyMaterial : Repr JWKKeyMaterial

Equations

• Crypto.JOSE.instReprJWKKeyMaterial = { reprPrec := Crypto.JOSE.instReprJWKKeyMaterial.repr }

inductive Crypto.JOSE.JWKKeyType : Type

Valid JWK key types per RFC 7518 §6.1.

• RSA : JWKKeyType
• EC : JWKKeyType
• oct : JWKKeyType

def Crypto.JOSE.instBEqJWKKeyType.beq : JWKKeyType → JWKKeyType → Bool

Equations

• Crypto.JOSE.instBEqJWKKeyType.beq x✝ y✝ = (x✝.ctorIdx == y✝.ctorIdx)

@[implicit_reducible]

instance Crypto.JOSE.instBEqJWKKeyType : BEq JWKKeyType

Equations

• Crypto.JOSE.instBEqJWKKeyType = { beq := Crypto.JOSE.instBEqJWKKeyType.beq }

@[implicit_reducible]

instance Crypto.JOSE.instDecidableEqJWKKeyType : DecidableEq JWKKeyType

Equations

• Crypto.JOSE.instDecidableEqJWKKeyType x✝ y✝ = if h : x✝.ctorIdx = y✝.ctorIdx then isTrue ⋯ else isFalse ⋯

@[implicit_reducible]

instance Crypto.JOSE.instReprJWKKeyType : Repr JWKKeyType

Equations

• Crypto.JOSE.instReprJWKKeyType = { reprPrec := Crypto.JOSE.instReprJWKKeyType.repr }

def Crypto.JOSE.instReprJWKKeyType.repr : JWKKeyType → Nat → Std.Format

Equations

• One or more equations did not get rendered due to their size.

def Crypto.JOSE.instInhabitedJWKKeyType.default : JWKKeyType

Equations

• Crypto.JOSE.instInhabitedJWKKeyType.default = Crypto.JOSE.JWKKeyType.RSA

@[implicit_reducible]

instance Crypto.JOSE.instInhabitedJWKKeyType : Inhabited JWKKeyType

Equations

• Crypto.JOSE.instInhabitedJWKKeyType = { default := Crypto.JOSE.instInhabitedJWKKeyType.default }

@[implicit_reducible]

instance Crypto.JOSE.instToStringJWKKeyType : ToString JWKKeyType

Equations

• One or more equations did not get rendered due to their size.

def Crypto.JOSE.JWKKeyType.fromString : String → Option JWKKeyType

Parse a key type string.

Equations

• Crypto.JOSE.JWKKeyType.fromString "RSA" = some Crypto.JOSE.JWKKeyType.RSA
• Crypto.JOSE.JWKKeyType.fromString "EC" = some Crypto.JOSE.JWKKeyType.EC
• Crypto.JOSE.JWKKeyType.fromString "oct" = some Crypto.JOSE.JWKKeyType.oct
• Crypto.JOSE.JWKKeyType.fromString x✝ = none

theorem Crypto.JOSE.JWKKeyType.fromString_toString_roundtrip (k : JWKKeyType) : fromString (toString k) = some k

Roundtrip: fromString (toString k) = some k for all key types.

inductive Crypto.JOSE.JWKUse : Type

Valid JWK public key usage values per RFC 7517 §4.2.

• sig : JWKUse
• enc : JWKUse

def Crypto.JOSE.instBEqJWKUse.beq : JWKUse → JWKUse → Bool

Equations

• Crypto.JOSE.instBEqJWKUse.beq x✝ y✝ = (x✝.ctorIdx == y✝.ctorIdx)

@[implicit_reducible]

instance Crypto.JOSE.instBEqJWKUse : BEq JWKUse

Equations

• Crypto.JOSE.instBEqJWKUse = { beq := Crypto.JOSE.instBEqJWKUse.beq }

@[implicit_reducible]

instance Crypto.JOSE.instReprJWKUse : Repr JWKUse

Equations

• Crypto.JOSE.instReprJWKUse = { reprPrec := Crypto.JOSE.instReprJWKUse.repr }

def Crypto.JOSE.instReprJWKUse.repr : JWKUse → Nat → Std.Format

Equations

• Crypto.JOSE.instReprJWKUse.repr Crypto.JOSE.JWKUse.sig prec✝ = Repr.addAppParen (Std.Format.nest (if prec✝ ≥ 1024 then 1 else 2) (Std.Format.text "Crypto.JOSE.JWKUse.sig")).group prec✝
• Crypto.JOSE.instReprJWKUse.repr Crypto.JOSE.JWKUse.enc prec✝ = Repr.addAppParen (Std.Format.nest (if prec✝ ≥ 1024 then 1 else 2) (Std.Format.text "Crypto.JOSE.JWKUse.enc")).group prec✝

@[implicit_reducible]

instance Crypto.JOSE.instToStringJWKUse : ToString JWKUse

Equations

• Crypto.JOSE.instToStringJWKUse = { toString := fun (x : Crypto.JOSE.JWKUse) => match x with | Crypto.JOSE.JWKUse.sig => "sig" | Crypto.JOSE.JWKUse.enc => "enc" }

structure Crypto.JOSE.JWK : Type

A JSON Web Key (RFC 7517). $$\text{JWK} = \{ \text{kty}, \text{kid}?, \text{alg}?, \text{use}?, \text{material} \}$$

The kty field is a JWKKeyType (not a raw String), constraining it to the valid values "RSA", "EC", "oct" per RFC 7518 §6.1. The kty_material_coherent proof ensures the key type matches the key material.

• kty : JWKKeyType

  Key type: constrained to valid values per RFC 7518 §6.1.

• kid : Option String

  Key ID (optional).

• alg : Option JWSAlgorithm

  Algorithm (optional).

• use : Option JWKUse

  Public key use: "sig" or "enc" (optional), now typed.

• material : JWKKeyMaterial

  The key material.

• kty_material_coherent : (self.kty = JWKKeyType.RSA → ∃ (n : ByteArray), ∃ (e : ByteArray), ∃ (d : Option ByteArray), self.material = JWKKeyMaterial.rsa n e d) ∧ (self.kty = JWKKeyType.EC → ∃ (crv : ECCurve), ∃ (x : ByteArray), ∃ (y : ByteArray), ∃ (d : Option ByteArray), self.material = JWKKeyMaterial.ec crv x y d) ∧ (self.kty = JWKKeyType.oct → ∃ (k : ByteArray), self.material = JWKKeyMaterial.oct k)

  The key type must be coherent with the key material.

@[implicit_reducible]

instance Crypto.JOSE.instReprJWK : Repr JWK

Equations

• One or more equations did not get rendered due to their size.

structure Crypto.JOSE.JWKSet : Type

A set of JWKs (RFC 7517 §5).

• keys : Array JWK

@[implicit_reducible]

instance Crypto.JOSE.instReprJWKSet : Repr JWKSet

Equations

• Crypto.JOSE.instReprJWKSet = { reprPrec := fun (s : Crypto.JOSE.JWKSet) (x : Nat) => Std.Format.text (toString "JWKSet(keys=" ++ toString (repr s.keys) ++ toString ")") }

structure Crypto.JOSE.ClaimsSet : Type

Registered claim names for JWTs (RFC 7519 §4.1).

• iss : Option String

  Issuer claim.

• sub : Option String

  Subject claim.

• aud : Option (List String)

  Audience claim (can be a single string or array).

• exp : Option Nat

  Expiration time (Unix timestamp).

• nbf : Option Nat

  Not before (Unix timestamp).

• iat : Option Nat

  Issued at (Unix timestamp).

• jti : Option String

  JWT ID.

• unregisteredClaims : List (String × String)

  Unregistered (custom) claims as key-value pairs. Values are stored as their JSON string representation.

@[implicit_reducible]

instance Crypto.JOSE.instReprClaimsSet : Repr ClaimsSet

Equations

• Crypto.JOSE.instReprClaimsSet = { reprPrec := Crypto.JOSE.instReprClaimsSet.repr }

def Crypto.JOSE.instReprClaimsSet.repr : ClaimsSet → Nat → Std.Format

Equations

• One or more equations did not get rendered due to their size.

@[implicit_reducible]

instance Crypto.JOSE.instInhabitedClaimsSet : Inhabited ClaimsSet

Equations

• Crypto.JOSE.instInhabitedClaimsSet = { default := Crypto.JOSE.instInhabitedClaimsSet.default }

def Crypto.JOSE.instInhabitedClaimsSet.default : ClaimsSet

Equations

• Crypto.JOSE.instInhabitedClaimsSet.default = { iss := default, sub := default, aud := default, exp := default, nbf := default, iat := default, jti := default, unregisteredClaims := default }

def Crypto.JOSE.ClaimsSet.lookupClaim (claims : ClaimsSet) (key : String) : Option String

Look up a custom claim value by name.

Equations

• claims.lookupClaim key = List.lookup key claims.unregisteredClaims

structure Crypto.JOSE.JWSHeader : Type

JWS JOSE Header (RFC 7515 §4).

• alg : JWSAlgorithm
• kid : Option String
• typ : Option String
• cty : Option String

def Crypto.JOSE.instBEqJWSHeader.beq : JWSHeader → JWSHeader → Bool

Equations

• Crypto.JOSE.instBEqJWSHeader.beq { alg := a, kid := a_1, typ := a_2, cty := a_3 } { alg := b, kid := b_1, typ := b_2, cty := b_3 } = (a == b && (a_1 == b_1 && (a_2 == b_2 && a_3 == b_3)))
• Crypto.JOSE.instBEqJWSHeader.beq x✝¹ x✝ = false

@[implicit_reducible]

instance Crypto.JOSE.instBEqJWSHeader : BEq JWSHeader

Equations

• Crypto.JOSE.instBEqJWSHeader = { beq := Crypto.JOSE.instBEqJWSHeader.beq }

def Crypto.JOSE.instReprJWSHeader.repr : JWSHeader → Nat → Std.Format

Equations

• One or more equations did not get rendered due to their size.

@[implicit_reducible]

instance Crypto.JOSE.instReprJWSHeader : Repr JWSHeader

Equations

• Crypto.JOSE.instReprJWSHeader = { reprPrec := Crypto.JOSE.instReprJWSHeader.repr }

structure Crypto.JOSE.JWTValidationSettings : Type

Configuration for JWT validation. allowedSkew is bounded to at most 600 seconds (10 minutes) to prevent dangerously permissive clock skew that could accept expired/future tokens.

• allowedSkew : Nat

  Allowed clock skew in seconds (max 600 = 10 minutes).

• allowedSkew_bounded : self.allowedSkew ≤ 600

  The clock skew must not exceed 10 minutes (600 seconds).

• checkExpiry : Bool

  Whether to check the exp claim.

• checkNotBefore : Bool

  Whether to check the nbf claim.

• audienceMatches : Option (List String)

  If set, the aud claim must contain one of these values.

• issuerMatches : Option (List String)

  If set, the iss claim must be one of these values.

@[implicit_reducible]

instance Crypto.JOSE.instReprJWTValidationSettings : Repr JWTValidationSettings

Equations

• Crypto.JOSE.instReprJWTValidationSettings = { reprPrec := Crypto.JOSE.instReprJWTValidationSettings.repr }

def Crypto.JOSE.instReprJWTValidationSettings.repr : JWTValidationSettings → Nat → Std.Format

Equations

• One or more equations did not get rendered due to their size.

@[implicit_reducible]

instance Crypto.JOSE.instInhabitedJWTValidationSettings : Inhabited JWTValidationSettings

Equations

• Crypto.JOSE.instInhabitedJWTValidationSettings = { default := { allowedSkew_bounded := Crypto.JOSE.instInhabitedJWTValidationSettings._proof_2 } }

inductive Crypto.JOSE.JwtError : Type

Errors that can occur during JWT validation.

• malformedToken (msg : String) : JwtError

  The JWT string has an invalid format (not 3 dot-separated parts).

• headerParseError (msg : String) : JwtError

  The header JSON cannot be parsed.

• claimsParseError (msg : String) : JwtError

  The claims JSON cannot be parsed.

• unsupportedAlgorithm (alg : String) : JwtError

  The algorithm in the header is not supported.

• signatureVerificationFailed : JwtError

  Signature verification failed.

• tokenExpired (exp now : Nat) : JwtError

  The token has expired.

• tokenNotYetValid (nbf now : Nat) : JwtError

  The token is not yet valid.

• audienceMismatch : JwtError

  The audience claim does not match.

• issuerMismatch : JwtError

  The issuer claim does not match.

• noMatchingKey : JwtError

  No matching key found in the key set.

• noneAlgorithmNotAllowed : JwtError

  The "none" algorithm is not allowed.

def Crypto.JOSE.instBEqJwtError.beq : JwtError → JwtError → Bool

Equations

• One or more equations did not get rendered due to their size.

@[implicit_reducible]

instance Crypto.JOSE.instBEqJwtError : BEq JwtError

Equations

• Crypto.JOSE.instBEqJwtError = { beq := Crypto.JOSE.instBEqJwtError.beq }

@[implicit_reducible]

instance Crypto.JOSE.instReprJwtError : Repr JwtError

Equations

• Crypto.JOSE.instReprJwtError = { reprPrec := Crypto.JOSE.instReprJwtError.repr }

def Crypto.JOSE.instReprJwtError.repr : JwtError → Nat → Std.Format

Equations

• One or more equations did not get rendered due to their size.

@[implicit_reducible]

instance Crypto.JOSE.instToStringJwtError : ToString JwtError

Equations

• One or more equations did not get rendered due to their size.