containers / ocicrypt

Encryption libraries for Encrypted OCI Container images
Apache License 2.0

pkcs11: Enforce usage of a key uniquely identified by the search criteria #26

Closed stefanberger closed 4 years ago

stefanberger commented 4 years ago

It is possible to create multiple keys with the same label. Similarly, it is possible to create multiple keys with the same id. Also, the combination of key id and label doesn't need to be unique. This PR changes the code to refuse to use a private or public key if the search criteria do not result in a unique key, but we now possibly use both key id and label to search for the key to use, depending on what the user provided.

lumjjb commented 4 years ago

I'm assuming that a collision for key ID shouldn't happen but could happen if key IDs and labels are not managed properly? I could see the behaviors of not using and of using all keys providing different bad situations in either encryption or decryption... so I think this approach of not doing anything is probably good considering all scenarios.

I assume that this is an edge case, and would require malicious intent or happen with very low probability?

stefanberger commented 4 years ago

> I'm assuming that a collision for key ID shouldn't happen but could happen if key IDs and labels are not managed properly? I could see the behaviors of not using and of using all keys providing different bad situations in either encryption or decryption... so I think this approach of not doing anything is probably good considering all scenarios.

It's better to refuse to use a key if the search criteria do not lead to a unique key. The way it looks, the tools allow assigning keys non-unique labels and non-unique ids, so one can get into such a situation. To allow more specific selection of a key we enable up to two user-given search criteria.

> I assume that this is an edge case, and would require malicious intent or happen with very low probability?

It's not necessarily malicious intent but a mess left from creating keys.
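The selection rule described in the PR description and in the reply above, as an added Go example that is not ocicrypt's own code: a constructed in-memory token stands in for the PKCS#11 object search, and a key is returned only when the user-given criteria (id, label, or both) match exactly one object; `keyObject`, `findUniqueKey` and `sampleToken` are names assumed here.

```go
package main

import (
	"bytes"
	"fmt"
)
// keyObject is a constructed stand-in for a PKCS#11 key object with its CKA_ID and CKA_LABEL.
type keyObject struct {
	ID    []byte
	Label string
}

// findUniqueKey applies the PR's rule: filter by whichever of id/label the
// caller gave (at least one) and refuse to choose unless exactly one matches.
func findUniqueKey(objects []keyObject, id []byte, label string) (*keyObject, error) {
	if len(id) == 0 && label == "" {
		return nil, fmt.Errorf("pkcs11: key id or label is required")
	}
	var matches []keyObject
	for _, o := range objects {
		if len(id) > 0 && !bytes.Equal(o.ID, id) {
			continue // id given and differs
		}
		if label != "" && o.Label != label {
			continue // label given and differs
		}
		matches = append(matches, o)
	}
	switch len(matches) {
	case 0:
		return nil, fmt.Errorf("pkcs11: no key matches id=%x label=%q", id, label)
	case 1:
		return &matches[0], nil
	}
	return nil, fmt.Errorf("pkcs11: id=%x label=%q match %d keys, refusing to guess",
		id, label, len(matches))
}

// sampleToken is constructed: two keys share a label and two share an id.
var sampleToken = []keyObject{
	{ID: []byte{0x01}, Label: "signer"},
	{ID: []byte{0x02}, Label: "signer"},
	{ID: []byte{0x01}, Label: "backup"},
}

func main() {
	_, err := findUniqueKey(sampleToken, nil, "signer")           // ambiguous: two keys
	k, err2 := findUniqueKey(sampleToken, []byte{0x01}, "signer") // unique: id plus label
	fmt.Println(err, k, err2)
}
```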

lumjjb commented 4 years ago

Linking issue: https://github.com/containers/ocicrypt/issues/20