QUIC: Use initial destination conn_id for decryption

Ensure the client side also uses the initial destination connection ID
for decryption purposes instead of the one from the current long header
packet. PCAP from local WiFi hotspot.

src/analyzer/protocol/quic/QUIC.spicy

@@ -567,23 +567,24 @@ type Packet = unit(from_client: bool, context: ConnectionIDInfo&) {
       context.server_cid_len = self.long_header.dest_conn_id_len;
       context.client_cid_len = self.long_header.src_conn_id_len;
 
+      # This is the first INITIAL packet we attempt to decrypt and it is
+      # coming from the client. Use its destination connection ID for
+      # decryption purposes.
+      if ( |context.initial_destination_conn_id| == 0 ) {
+        context.initial_destination_conn_id = self.long_header.dest_conn_id;
+      }
+
       # This means that here, we can try to decrypt the initial packet!
       # All data is accessible via the `long_header` unit
       self.decrypted_data = decrypt_crypto_payload(
         self.long_header.version,
         self.packet_data,
-        self.long_header.dest_conn_id,
+        context.initial_destination_conn_id,
         self.long_header.encrypted_offset,
         self.long_header.payload_length,
         from_client
       );
 
-      # Assuming that the client set up the connection, this can be considered the first
-      # received Initial from the client. So disable change of ConnectionID's afterwards
-      if ( |context.initial_destination_conn_id| == 0 ) {
-        context.initial_destination_conn_id = self.long_header.dest_conn_id;
-      }
-
     } else {
       context.server_cid_len = self.long_header.src_conn_id_len;
       context.client_cid_len = self.long_header.dest_conn_id_len;

testing/btest/Baseline/scripts.base.protocols.quic.decrypt-fail-google-de-51833/conn.log.cut

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts	uid	history	service
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	Dd	quic,ssl

testing/btest/Baseline/scripts.base.protocols.quic.decrypt-fail-google-de-51833/quic.log.cut

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts	uid	server_name	history
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	www.google.de	ZZZIiIIIISiIIIiiiiiishIIHH

testing/btest/Baseline/scripts.base.protocols.quic.decrypt-fail-google-de-51833/ssl.log.cut

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+ts	uid	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	ssl_history
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	TLSv13	TLS_AES_128_GCM_SHA256	X25519MLKEM768	www.google.de	T	-	-	F	Cs

testing/btest/scripts/base/protocols/quic/decrypt-fail-google-de-51833.zeek

@@ -0,0 +1,12 @@
+# @TEST-DOC: PCAP for which decryption failed due to not using the initial destination connection ID consistently.
+
+# @TEST-REQUIRES: ${SCRIPTS}/have-spicy
+# @TEST-EXEC: zeek -Cr $TRACES/quic/quic-decrypt-fail-google-de-51833.pcap base/protocols/quic
+# @TEST-EXEC: test ! -f analyzer.log
+# @TEST-EXEC: test ! -f dpd.log
+# @TEST-EXEC: zeek-cut -m ts uid history service < conn.log > conn.log.cut
+# @TEST-EXEC: btest-diff conn.log.cut
+# @TEST-EXEC: zeek-cut -m ts uid server_name history < quic.log > quic.log.cut
+# @TEST-EXEC: btest-diff quic.log.cut
+# @TEST-EXEC: zeek-cut -m ts uid version cipher curve server_name resumed last_alert next_protocol established ssl_history < ssl.log > ssl.log.cut
+# @TEST-EXEC: btest-diff ssl.log.cut