Android.common.mk

@@ -26,5 +26,5 @@ add_plugin_subdirs = $(if $(call plugin_enabled,$(1)), \
               )
 
 # strongSwan version, replaced by top Makefile
-strongswan_VERSION := "5.6.1"
+strongswan_VERSION := "5.6.2"
 

NEWS

+strongswan-5.6.2
+----------------
+
+- Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that
+  was caused by insufficient input validation.  One of the configurable
+  parameters in algorithm identifier structures for RSASSA-PSS signatures is the
+  mask generation function (MGF).  Only MGF1 is currently specified for this
+  purpose.  However, this in turn takes itself a parameter that specifies the
+  underlying hash function.  strongSwan's parser did not correctly handle the
+  case of this parameter being absent, causing an undefined data read.
+  This vulnerability has been registered as CVE-2018-6459.
+
+- The previously negotiated DH group is reused when rekeying an SA, instead of
+  using the first group in the configured proposals, which avoids an additional
+  exchange if the peer selected a different group via INVALID_KE_PAYLOAD when
+  the SA was created initially.
+  The selected DH group is also moved to the front of all sent proposals that
+  contain it and all proposals that don't are moved to the back in order to
+  convey the preference for this group to the peer.
+
+- Handling of MOBIKE task queuing has been improved. In particular, the response
+  to an address update is not ignored anymore if only an address list update or
+  DPD is queued.
+
+- The fallback drop policies installed to avoid traffic leaks when replacing
+  addresses in installed policies are now replaced by temporary drop policies,
+  which also prevent acquires because we currently delete and reinstall IPsec
+  SAs to update their addresses.
+
+- Access X.509 certificates held in non-volatile storage of a TPM 2.0
+  referenced via the NV index.
+
+- Adding the --keyid parameter to pki --print allows to print private keys
+  or certificates stored in a smartcard or a TPM 2.0.
+
+- Fixed proposal selection if a peer incorrectly sends DH groups in the ESP
+  proposals during IKE_AUTH and also if a DH group is configured in the local
+  ESP proposal and charon.prefer_configured_proposals is disabled.
+
+- MSKs received via RADIUS are now padded to 64 bytes to avoid compatibility
+  issues with EAP-MSCHAPv2 and PRFs that have a block size < 64 bytes (e.g.
+  AES-XCBC-PRF-128).
+
+- The tpm_extendpcr command line tool extends a digest into a TPM PCR.
+
+- Ported the NetworkManager backend from the deprecated libnm-glib to libnm.
+
+- The save-keys debugging/development plugin saves IKE and/or ESP keys to files
+  compatible with Wireshark.
+
+
 strongswan-5.6.1
 ----------------
 
@@ -1370,7 +1421,7 @@ strongswan-4.4.1
 - The openssl plugin now supports X.509 certificate and CRL functions.
 
 - OCSP/CRL checking in IKEv2 has been moved to the revocation plugin, enabled
-  by default. Plase update manual load directives in strongswan.conf.
+  by default. Please update manual load directives in strongswan.conf.
 
 - RFC3779 ipAddrBlock constraint checking has been moved to the addrblock
   plugin, disabled by default. Enable it and update manual load directives
@@ -1832,7 +1883,7 @@ strongswan-4.2.8
 
 - Several MOBIKE improvements: Detect changes in NAT mappings in DPD exchanges,
   handle events if kernel detects NAT mapping changes in UDP-encapsulated
-  ESP packets (requires kernel patch), reuse old addesses in MOBIKE updates as
+  ESP packets (requires kernel patch), reuse old addresses in MOBIKE updates as
   long as possible and other fixes.
 
 - Fixed a bug in addr_in_subnet() which caused insertion of wrong source
@@ -2111,7 +2162,7 @@ strongswan-4.1.7
 
 - In NAT traversal situations and multiple queued Quick Modes,
   those pending connections inserted by auto=start after the
-  port floating from 500 to 4500 were erronously deleted.
+  port floating from 500 to 4500 were erroneously deleted.
 
 - Added a "forceencaps" connection parameter to enforce UDP encapsulation
   to surmount restrictive firewalls. NAT detection payloads are faked to
@@ -2705,7 +2756,7 @@ strongswan-2.6.0
 strongswan-2.5.7
 ----------------
 
-- CA certicates are now automatically loaded from a smartcard
+- CA certificates are now automatically loaded from a smartcard
   or USB crypto token and appear in the ipsec auto --listcacerts
   listing.
 
@@ -2818,7 +2869,7 @@ strongswan-2.5.1
 - Under the native IPsec of the Linux 2.6 kernel, a %trap eroute
   installed either by setting auto=route in ipsec.conf or by
   a connection put into hold, generates an XFRM_AQUIRE event
-  for each packet that wants to use the not-yet exisiting
+  for each packet that wants to use the not-yet existing
   tunnel. Up to now each XFRM_AQUIRE event led to an entry in
   the Quick Mode queue, causing multiple IPsec SA to be
   established in rapid succession. Starting with strongswan-2.5.1

README

@@ -36,7 +36,7 @@ Configuration on gateway _moon_:
 
     /etc/swanctl/x509ca/strongswanCert.pem
     /etc/swanctl/x509/moonCert.pem
-    /etc/swanctl/priv/moonKey.pem
+    /etc/swanctl/private/moonKey.pem
 
     /etc/swanctl/swanctl.conf:
 
@@ -66,7 +66,7 @@ Configuration on gateway _sun_:
 
     /etc/swanctl/x509ca/strongswanCert.pem
     /etc/swanctl/x509/sunCert.pem
-    /etc/swanctl/priv/sunKey.pem
+    /etc/swanctl/private/sunKey.pem
 
     /etc/swanctl/swanctl.conf:
 
@@ -120,7 +120,7 @@ connections we will use the default IPsec tunnel mode.
 
     /etc/swanctl/x509ca/strongswanCert.pem
     /etc/swanctl/x509/moonCert.pem
-    /etc/swanctl/priv/moonKey.pem
+    /etc/swanctl/private/moonKey.pem
 
     /etc/swanctl/swanctl.conf:
 
@@ -148,7 +148,7 @@ Configuration on host _sun_:
 
     /etc/swanctl/x509ca/strongswanCert.pem
     /etc/swanctl/x509/sunCert.pem
-    /etc/swanctl/priv/sunKey.pem
+    /etc/swanctl/private/sunKey.pem
 
     /etc/swanctl/swanctl.conf:
 
@@ -185,7 +185,7 @@ Configuration on gateway _moon_:
 
     /etc/swanctl/x509ca/strongswanCert.pem
     /etc/swanctl/x509/moonCert.pem
-    /etc/swanctl/priv/moonKey.pem
+    /etc/swanctl/private/moonKey.pem
 
     /etc/swanctl/swanctl.conf:
 
@@ -211,7 +211,7 @@ Configuration on roadwarrior _carol_:
 
     /etc/swanctl/x509ca/strongswanCert.pem
     /etc/swanctl/x509/carolCert.pem
-    /etc/swanctl/priv/carolKey.pem
+    /etc/swanctl/private/carolKey.pem
 
     /etc/swanctl/swanctl.conf:
 
@@ -277,7 +277,7 @@ Configuration on gateway _moon_:
 
     /etc/swanctl/x509ca/strongswanCert.pem
     /etc/swanctl/x509/moonCert.pem
-    /etc/swanctl/rsa/moonKey.pem
+    /etc/swanctl/private/moonKey.pem
 
     /etc/swanctl/swanctl.conf:
 
@@ -311,7 +311,7 @@ Configuration on roadwarrior _carol_:
 
     /etc/swanctl/x509ca/strongswanCert.pem
     /etc/swanctl/x509/carolCert.pem
-    /etc/swanctl/priv/carolKey.pem
+    /etc/swanctl/private/carolKey.pem
 
     /etc/swanctl/swanctl.conf:
 
@@ -352,7 +352,7 @@ Configuration on gateway _moon_:
 
     /etc/swanctl/x509ca/strongswanCert.pem
     /etc/swanctl/x509/moonCert.pem
-    /etc/swanctl/priv/moonKey.pem
+    /etc/swanctl/private/moonKey.pem
 
     /etc/swanctl/swanctl.conf:
 
@@ -437,7 +437,7 @@ Configuration on gateway _moon_:
 
     /etc/swanctl/x509ca/strongswanCert.pem
     /etc/swanctl/x509/moonCert.pem
-    /etc/swanctl/priv/moonKey.pem
+    /etc/swanctl/private/moonKey.pem
 
     /etc/swanctl/swanctl.conf:
 

conf/Makefile.am

@@ -87,6 +87,7 @@ plugins = \
 	plugins/random.opt \
 	plugins/resolve.opt \
 	plugins/revocation.opt \
+	plugins/save-keys.opt \
 	plugins/socket-default.opt \
 	plugins/sql.opt \
 	plugins/stroke.opt \

conf/Makefile.in

@@ -493,6 +493,7 @@ plugins = \
 	plugins/random.opt \
 	plugins/resolve.opt \
 	plugins/revocation.opt \
+	plugins/save-keys.opt \
 	plugins/socket-default.opt \
 	plugins/sql.opt \
 	plugins/stroke.opt \

conf/options/charon.conf

@@ -7,9 +7,9 @@ charon {
     # Maximum number of half-open IKE_SAs for a single peer IP.
     # block_threshold = 5
 
-    # Whether Certicate Revocation Lists (CRLs) fetched via HTTP or LDAP should
-    # be saved under a unique file name derived from the public key of the
-    # Certification Authority (CA) to /etc/ipsec.d/crls (stroke) or
+    # Whether Certificate Revocation Lists (CRLs) fetched via HTTP or LDAP
+    # should be saved under a unique file name derived from the public key of
+    # the Certification Authority (CA) to /etc/ipsec.d/crls (stroke) or
     # /etc/swanctl/x509crl (vici), respectively.
     # cache_crls = no
 

conf/options/charon.opt

@@ -31,7 +31,7 @@ charon.cert_cache = yes
 	memory.
 
 charon.cache_crls = no
-	Whether Certicate Revocation Lists (CRLs) fetched via HTTP or LDAP should
+	Whether Certificate Revocation Lists (CRLs) fetched via HTTP or LDAP should
 	be saved under a unique file name derived from the public key of the
 	Certification Authority (CA) to **/etc/ipsec.d/crls** (stroke) or
 	**/etc/swanctl/x509crl** (vici), respectively.

conf/plugins/ha.opt

@@ -2,6 +2,13 @@ charon.plugins.ha.autobalance = 0
 	Interval in seconds to automatically balance handled segments between nodes.
 	Set to 0 to disable.
 
+charon.plugin.ha.buflen = 2048
+	Buffer size for received HA messages.
+
+	Buffer size for received HA messages. For IKEv1 the public DH factors are
+	also transmitted so depending on the DH group the HA messages can get quite
+	big (the default should be fine up to _modp4096_).
+
 charon.plugins.ha.fifo_interface = yes
 
 charon.plugins.ha.heartbeat_delay = 1000

conf/plugins/imc-os.opt

@@ -6,6 +6,10 @@ libimcv.plugins.imc-os.device_id =
 	Manually set the client device ID in hexadecimal format
    (e.g. 1083f03988c9762703b1c1080c2e46f72b99cc31)
 
+libimcv.plugins.imc-os.device_handle =
+	Manually set handle to a private key bound to a smartcard or TPM
+    (e.g. 0x81010004)
+
 libimcv.plugins.imc-os.device_pubkey =
 	Manually set the path to the client device public key
     (e.g. /etc/pts/aikPub.der)

conf/plugins/kernel-netlink.conf

@@ -35,6 +35,9 @@ kernel-netlink {
     # Whether to use port or socket based IKE XFRM bypass policies.
     # port_bypass = no
 
+    # Whether to process changes in routing rules to trigger roam events.
+    # process_rules = no
+
     # Maximum Netlink socket receive buffer in bytes.
     # receive_buffer_size = 0
 

conf/plugins/kernel-netlink.opt

@@ -7,7 +7,7 @@ charon.plugins.kernel-netlink.force_receive_buffer_size = no
 	If the maximum Netlink socket receive buffer in bytes set by
 	_receive_buffer_size_ exceeds the system-wide maximum from
 	/proc/sys/net/core/rmem_max, this option can be used to override the limit.
-	Enabling this option requires special priviliges (CAP_NET_ADMIN).
+	Enabling this option requires special privileges (CAP_NET_ADMIN).
 
 charon.plugins.kernel-netlink.fwmark =
 	Firewall mark to set on the routing rule that directs traffic to our routing
@@ -47,6 +47,13 @@ charon.plugins.kernel-netlink.port_bypass = no
 	port based policies use global XFRM bypass policies for the used IKE UDP
 	ports.
 
+charon.plugins.kernel-netlink.process_rules = no
+	Whether to process changes in routing rules to trigger roam events.
+
+	Whether to process changes in routing rules to trigger roam events. This is
+	currently only useful if the kernel based route lookup is used (i.e. if
+	route installation is disabled or an inverted fwmark match is configured).
+
 charon.plugins.kernel-netlink.receive_buffer_size = 0
 	Maximum Netlink socket receive buffer in bytes.
 

conf/plugins/save-keys.conf

+save-keys {
+
+    # Whether to save ESP keys.
+    # esp = no
+
+    # Whether to save IKE keys.
+    # ike = no
+
+    # Whether to load the plugin.
+    load = no
+
+    # Directory where the keys are stored in the format supported by Wireshark
+    # wireshark_keys =
+
+}
+

conf/plugins/save-keys.opt

+charon.plugins.save-keys.load := no
+	Whether to load the plugin.
+
+charon.plugins.save-keys.esp = no
+	Whether to save ESP keys.
+
+charon.plugins.save-keys.ike = no
+	Whether to save IKE keys.
+
+charon.plugins.save-keys.wireshark_keys
+	Directory where the keys are stored in the format supported by Wireshark
+
+	Directory where the keys are stored in the format supported by Wireshark.
+	IKEv1 keys are stored in the _ikev1_decryption_table_ file.
+	IKEv2 keys are stored in the _ikev2_decryption_table_ file.
+	Keys for ESP CHILD_SAs are stored in the _esp_sa_ file.

conf/strongswan.conf.5.main

@@ -51,7 +51,7 @@ Maximum number of half\-open IKE_SAs for a single peer IP.
 
 .TP
 .BR charon.cache_crls " [no]"
-Whether Certicate Revocation Lists (CRLs) fetched via HTTP or LDAP should be
+Whether Certificate Revocation Lists (CRLs) fetched via HTTP or LDAP should be
 saved under a unique file name derived from the public key of the Certification
 Authority (CA) to
 .RB "" "/etc/ipsec.d/crls" ""
@@ -405,6 +405,14 @@ WINS servers assigned to peer via configuration payload (CP).
 .BR charon.nbns2 " []"
 WINS servers assigned to peer via configuration payload (CP).
 
+.TP
+.BR charon.plugin.ha.buflen " [2048]"
+Buffer size for received HA messages. For IKEv1 the public DH factors are also
+transmitted so depending on the DH group the HA messages can get quite big (the
+default should be fine up to
+.RI "" "modp4096" ")."
+
+
 .TP
 .BR charon.plugins.addrblock.strict " [yes]"
 If set to yes, a subject certificate without an addrblock extension is rejected
@@ -973,7 +981,7 @@ If the maximum Netlink socket receive buffer in bytes set by
 .RI "" "receive_buffer_size" ""
 exceeds the system\-wide maximum from
 /proc/sys/net/core/rmem_max, this option can be used to override the limit.
-Enabling this option requires special priviliges (CAP_NET_ADMIN).
+Enabling this option requires special privileges (CAP_NET_ADMIN).
 
 .TP
 .BR charon.plugins.kernel-netlink.fwmark " []"
@@ -1015,6 +1023,12 @@ policies are used to exempt IKE traffic from XFRM processing. The default socket
 based policies are directly tied to the IKE UDP sockets, port based policies use
 global XFRM bypass policies for the used IKE UDP ports.
 
+.TP
+.BR charon.plugins.kernel-netlink.process_rules " [no]"
+Whether to process changes in routing rules to trigger roam events. This is
+currently only useful if the kernel based route lookup is used (i.e. if route
+installation is disabled or an inverted fwmark match is configured).
+
 .TP
 .BR charon.plugins.kernel-netlink.receive_buffer_size " [0]"
 Maximum Netlink socket receive buffer in bytes. This value controls how many
@@ -1416,6 +1430,30 @@ Whether CRL validation should be enabled.
 .BR charon.plugins.revocation.enable_ocsp " [yes]"
 Whether OCSP validation should be enabled.
 
+.TP
+.BR charon.plugins.save-keys.esp " [no]"
+Whether to save ESP keys.
+
+.TP
+.BR charon.plugins.save-keys.ike " [no]"
+Whether to save IKE keys.
+
+.TP
+.BR charon.plugins.save-keys.load " [no]"
+Whether to load the plugin.
+
+.TP
+.BR charon.plugins.save-keys.wireshark_keys " []"
+Directory where the keys are stored in the format supported by Wireshark. IKEv1
+keys are stored in the
+.RI "" "ikev1_decryption_table" ""
+file. IKEv2 keys are stored in
+the
+.RI "" "ikev2_decryption_table" ""
+file. Keys for ESP CHILD_SAs are stored in the
+.RI "" "esp_sa" ""
+file.
+
 .TP
 .BR charon.plugins.socket-default.fwmark " []"
 Firewall mark to set on outbound packets.
@@ -2120,6 +2158,11 @@ manufacturer of the hardcopy device.
 Manually set the path to the client device certificate (e.g.
 /etc/pts/aikCert.der)
 
+.TP
+.BR libimcv.plugins.imc-os.device_handle " []"
+Manually set handle to a private key bound to a smartcard or TPM (e.g.
+0x81010004)
+
 .TP
 .BR libimcv.plugins.imc-os.device_id " []"
 Manually set the client device ID in hexadecimal format (e.g.

configure.ac

@@ -19,7 +19,7 @@
 #  initialize & set some vars
 # ============================
 
-AC_INIT([strongSwan],[5.6.1])
+AC_INIT([strongSwan],[5.6.2])
 AM_INIT_AUTOMAKE(m4_esyscmd([
 	echo tar-ustar
 	echo subdir-objects
@@ -273,6 +273,7 @@ ARG_ENABL_SET([led],            [enable plugin to control LEDs on IKEv2 activity
 ARG_ENABL_SET([load-tester],    [enable load testing plugin for IKEv2 daemon.])
 ARG_ENABL_SET([lookip],         [enable fast virtual IP lookup and notification plugin.])
 ARG_ENABL_SET([radattr],        [enable plugin to inject and process custom RADIUS attributes as IKEv2 client.])
+ARG_ENABL_SET([save-keys],      [enable development/debugging plugin that saves IKE and ESP keys in Wireshark format.])
 ARG_ENABL_SET([systime-fix],    [enable plugin to handle cert lifetimes with invalid system time gracefully.])
 ARG_ENABL_SET([test-vectors],   [enable plugin providing crypto test vectors.])
 ARG_DISBL_SET([updown],         [disable updown firewall script plugin.])
@@ -1174,10 +1175,7 @@ if test x$eap_sim_pcsc = xtrue; then
 fi
 
 if test x$nm = xtrue; then
-	PKG_CHECK_EXISTS([libnm-glib],
-		[PKG_CHECK_MODULES(nm, [NetworkManager gthread-2.0 libnm-util libnm-glib libnm-glib-vpn])],
-		[PKG_CHECK_MODULES(nm, [NetworkManager gthread-2.0 libnm_util libnm_glib libnm_glib_vpn])]
-	)
+	PKG_CHECK_MODULES(nm, [gthread-2.0 libnm])
 	AC_SUBST(nm_CFLAGS)
 	AC_SUBST(nm_LIBS)
 fi
@@ -1438,6 +1436,7 @@ ADD_PLUGIN([kernel-pfkey],         [c charon starter nm cmd])
 ADD_PLUGIN([kernel-pfroute],       [c charon starter nm cmd])
 ADD_PLUGIN([kernel-netlink],       [c charon starter nm cmd])
 ADD_PLUGIN([resolve],              [c charon cmd])
+ADD_PLUGIN([save-keys],            [c])
 ADD_PLUGIN([socket-default],       [c charon nm cmd])
 ADD_PLUGIN([socket-dynamic],       [c charon cmd])
 ADD_PLUGIN([socket-win],           [c charon])
@@ -1667,6 +1666,7 @@ AM_CONDITIONAL(USE_IMC_SWIMA, test x$imc_swima = xtrue)
 AM_CONDITIONAL(USE_IMV_SWIMA, test x$imv_swima = xtrue)
 AM_CONDITIONAL(USE_IMC_HCD, test x$imc_hcd = xtrue)
 AM_CONDITIONAL(USE_IMV_HCD, test x$imv_hcd = xtrue)
+AM_CONDITIONAL(USE_SAVE_KEYS, test x$save_keys = xtrue)
 AM_CONDITIONAL(USE_SOCKET_DEFAULT, test x$socket_default = xtrue)
 AM_CONDITIONAL(USE_SOCKET_DYNAMIC, test x$socket_dynamic = xtrue)
 AM_CONDITIONAL(USE_SOCKET_WIN, test x$socket_win = xtrue)
@@ -1931,6 +1931,7 @@ AC_CONFIG_FILES([
 	src/libcharon/plugins/xauth_noauth/Makefile
 	src/libcharon/plugins/tnc_ifmap/Makefile
 	src/libcharon/plugins/tnc_pdp/Makefile
+	src/libcharon/plugins/save_keys/Makefile
 	src/libcharon/plugins/socket_default/Makefile
 	src/libcharon/plugins/socket_dynamic/Makefile
 	src/libcharon/plugins/socket_win/Makefile
@@ -1991,6 +1992,7 @@ AC_CONFIG_FILES([
 	src/_copyright/Makefile
 	src/scepclient/Makefile
 	src/aikgen/Makefile
+	src/tpm_extendpcr/Makefile
 	src/pki/Makefile
 	src/pki/man/Makefile
 	src/pool/Makefile

debian/NEWS

-strongswan (5.6.1-2) UNRELEASED; urgency=medium
+strongswan (5.6.2-1) unstable; urgency=medium
 
   Starting 5.6.1, several algorithms were removed from the default ESP/AH and
   IKEv2 proposals in compliance with RFC 8221[1] and RFC 8247[2],
@@ -18,7 +18,7 @@ strongswan (5.6.1-2) UNRELEASED; urgency=medium
   [2] https://tools.ietf.org/html/rfc8247
   [3] https://wiki.strongswan.org/projects/strongswan/wiki/Windows7#AES-256-CBC-and-MODP2048
 
- -- Yves-Alexis Perez <corsac@debian.org>  Thu, 30 Nov 2017 14:01:24 +0100
+ -- Yves-Alexis Perez <corsac@debian.org>  Tue, 20 Feb 2018 12:27:00 +0100
 
 strongswan (5.1.2-1) unstable; urgency=medium
 

debian/changelog

-strongswan (5.6.1-4) UNRELEASED; urgency=medium
+strongswan (5.6.2-1) unstable; urgency=medium
 
   * d/NEWS: add information about disabled algorithms (closes: #883072)
-
- -- Yves-Alexis Perez <corsac@debian.org>  Thu, 30 Nov 2017 14:09:26 +0100
+  * d/control: remove Romain Françoise from uploaders
+  * strongswan-libcharon: add bypass-lan plugin
+  * New upstream version 5.6.2
+    - Fix denial of service vulnerability in the parser for PKCS#1 RSASSA-PSS
+    signatures (CVE-2018-6459)
+  * d/control: move Vcs to salsa
+  * d/control: update build-deps for libnm port (closes: #862885)
+  * install tpm_extendpcr binary in libstrongswan-extra-plugins
+
+ -- Yves-Alexis Perez <corsac@debian.org>  Tue, 20 Feb 2018 12:26:54 +0100
 
 strongswan (5.6.1-3) unstable; urgency=medium
 

debian/control

@@ -5,8 +5,8 @@ Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org>
 Uploaders: Rene Mayrhofer <rmayr@debian.org>,
            Yves-Alexis Perez <corsac@debian.org>
 Standards-Version: 4.1.2
-Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-swan/strongswan.git;a=summary
-Vcs-Git: git://anonscm.debian.org/pkg-swan/strongswan.git
+Vcs-Browser: https://salsa.debian.org/debian/strongswan
+Vcs-Git: https://salsa.debian.org/debian/strongswan.git
 Build-Depends: bison,
                bzip2,
                debhelper (>= 9.20160709),
@@ -22,8 +22,7 @@ Build-Depends: bison,
                libgmp3-dev,
                libkrb5-dev,
                libldap2-dev,
-               libnm-glib-vpn-dev (>= 0.7) [linux-any],
-               libnm-util-dev (>= 0.7) [linux-any],
+               libnm-dev,
                libpam0g-dev,
                libsqlite3-dev,
                libssl-dev (>= 0.9.8),

debian/libstrongswan-extra-plugins.install

+# Tool for TPM PCR extension
+usr/bin/tpm_extendpcr
 # libstrongswan plugins
 usr/lib/ipsec/plugins/libstrongswan-ccm.so
 usr/lib/ipsec/plugins/libstrongswan-cmac.so