child-rekey: Use previously negotiated DH group when rekeying CHILD_SAs

For the CHILD_SA created with the IKE_SA the group won't be set in the
proposal, so we will use the first one configure just as if the SA was
created new with a CREATE_CHILD_SA exchange.  I guess we could
theoretically try to use the DH group negotiated for IKE but then this
would get a lot more complicated as we'd have to check if that group is
actually contained in any of the CHILD_SA's configured proposals.

src/libcharon/sa/ikev2/tasks/child_rekey.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2009-2017 Tobias Brunner
+ * Copyright (C) 2009-2018 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * HSR Hochschule fuer Technik Rapperswil
@@ -190,8 +190,18 @@ METHOD(task_t, build_i, status_t,
 	/* our CHILD_CREATE task does the hard work for us */
 	if (!this->child_create)
 	{
+		proposal_t *proposal;
+		uint16_t dh_group;
+
 		this->child_create = child_create_create(this->ike_sa,
 									config->get_ref(config), TRUE, NULL, NULL);
+
+		proposal = this->child_sa->get_proposal(this->child_sa);
+		if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP,
+									&dh_group, NULL))
+		{	/* reuse the DH group negotiated previously */
+			this->child_create->use_dh_group(this->child_create, dh_group);
+		}
 	}
 	reqid = this->child_sa->get_reqid(this->child_sa);
 	this->child_create->use_reqid(this->child_create, reqid);