author Tobias Brunner <tobias@strongswan.org> 2016-02-03 15:45:09 +0100
committer Tobias Brunner <tobias@strongswan.org> 2016-03-04 16:19:54 +0100
commit 130c485be6cb6647c02932999e1b60a114af391e
tree 6a6ec2f57fbe8856376ef9e45eca4d8c4b6e5606 /src/swanctl
parent 1ecec95dff4036cf6a4a5d0347b3247fc71ce0b0
swanctl: Document signature scheme constraints
Diffstat (limited to 'src/swanctl')
-rw-r--r-- src/swanctl/swanctl.opt | 31
1 files changed, 30 insertions, 1 deletions
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index a3e3cd4eb..b053fe32a 100644
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@@ -309,6 +309,19 @@ connections.<conn>.local<suffix>.auth = pubkey
An EAP module implementing the appropriate method is selected to perform
the EAP conversation.
+ If both peers support RFC 7427 ("Signature Authentication in IKEv2")
+ specific hash algorithms to be used during IKEv2 authentication may be
+ configured. To do so use _ike:_ followed by a trust chain signature scheme
+ constraint (see description of the **remote** section's **auth** keyword).
+ For example, with _ike:pubkey-sha384-sha256_ a public key signature scheme
+ with either SHA-384 or SHA-256 would get used for authentication, in that
+ order and depending on the hash algorithms supported by the peer. If no
+ specific hash algorithms are configured, the default is to prefer an
+ algorithm that matches or exceeds the strength of the signature key.
+ If no constraints with _ike:_ prefix are configured any signature scheme
+ constraint (without _ike:_ prefix) will also apply to IKEv2 authentication,
+ unless this is disabled in **strongswan.conf**(5).
+
connections.<conn>.local<suffix>.id =
IKE identity to use for authentication round.
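Review bot: the first added sentence lacks a comma after the conditional clause, so "If both peers support RFC 7427 ("Signature Authentication in IKEv2") specific hash algorithms to be used during IKEv2 authentication may be configured" reads as though the RFC supports the algorithms; suggest "...("Signature Authentication in IKEv2"), specific hash algorithms to be used during IKEv2 authentication may be configured." The same fix applies to "If no constraints with _ike:_ prefix are configured any signature scheme constraint", which needs a comma after "configured" (and reads better as "with an _ike:_ prefix"). The closing "unless this is disabled in **strongswan.conf**(5)" would serve administrators better if it named the specific setting, since the fallback that applies plain trust chain constraints to IKEv2 authentication is exactly the behaviour an operator auditing authentication strength needs to locate.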
@@ -415,9 +428,25 @@ connections.<conn>.remote<suffix>.auth = pubkey
Authentication to expect from remote (_pubkey_, _psk_, _xauth[-backend]_ or
_eap[-method]_).
- Authentication to expect from remote. See the **local** sections **auth**
+ Authentication to expect from remote. See the **local** section's **auth**
keyword description about the details of supported mechanisms.
+ To require a trustchain public key strength for the remote side, specify the
+ key type followed by the minimum strength in bits (for example _ecdsa-384_
+ or _rsa-2048-ecdsa-256_). To limit the acceptable set of hashing algorithms
+ for trustchain validation, append hash algorithms to _pubkey_ or a key
+ strength definition (for example _pubkey-sha1-sha256_ or
+ _rsa-2048-ecdsa-256-sha256-sha384-sha512_).
+ Unless disabled in **strongswan.conf**(5), or explicit IKEv2 signature
+ constraints are configured (refer to the description of the **local**
+ section's **auth** keyword for details), such key types and hash algorithms
+ are also applied as constraints against IKEv2 signature authentication
+ schemes used by the remote side.
+
+ To specify trust chain constraints for EAP-(T)TLS, append a colon to the
+ EAP method, followed by the key type/size and hash algorithm as discussed
+ above (e.g. _eap-tls:ecdsa-384-sha384_).
+
connections.<conn>.children.<child> {}
CHILD_SA configuration sub-section.
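Review bot: the example _pubkey-sha1-sha256_ in the hash-constraint paragraph presents SHA-1 as an acceptable hash for trust chain validation; since the paragraph's purpose is to show how to restrict the accepted hash set, an example listing only SHA-2 algorithms (e.g. _pubkey-sha256-sha384_) would avoid suggesting SHA-1 as a reasonable choice in documentation that people copy from. The hunk also spells "trustchain" in two places ("trustchain public key strength", "trustchain validation") but "trust chain" in the EAP-(T)TLS paragraph and throughout the **local** hunk; pick one spelling for both sections.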