aziot_keyd: Consider setting CKA_ID for public and private PKCS#11 key #559

Open
quality-leftovers opened this issue Oct 16, 2023 · 2 comments

Comments

@quality-leftovers
Contributor

I've had a tool failing when accessing a key generated using the aziot_keyd because it searched for a matching public key using CKA_ID of the private key and both public and private key did not have CKA_ID set. Looking at the code it seems the aziot_keyd never sets CKA_ID.

As far as I understand setting CKA_ID is a good practice, which is why I'd like to ask if you would consider setting it.

Context
From https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/csd03/pkcs11-base-v2.40-csd03.html

| Attribute | Data type | Meaning |
|---|---|---|
| CKA_ID | Byte array | Key identifier for public/private key pair (default empty) |

The CKA_ID attribute is intended as a means of distinguishing multiple public-key/private-key pairs held by the same subject (whether stored in the same token or not). (Since the keys are distinguished by subject name as well as identifier, it is possible that keys for different subjects may have the same CKA_ID value without introducing any ambiguity.)

Example
quality-leftovers@4f3c49f

Not sure whether using rand::thread_rng() is a good choice for generating the CKA_ID. Some tools / smartcards seem to use a hash of a public property, which probably is better assuming there are no problems with duplicates. Didn't give it much thought. Just wanted to check if adding it to the template args works (and wanted to paste it for EC and RSA without any changes)

@arsing
Member

arsing commented Oct 16, 2023

You can just reuse the CKA_LABEL as the CKA_ID instead of making a random one.

@quality-leftovers
Contributor Author

Good idea. Multiple objects with same CKA_LABEL are a bit problematic anyway.

I'm just wondering whether size of CKA_LABEL is guaranteed to be smaller than size of CKA_ID and whether having a fixed size CKA_ID might be preferable (could pad, hash, ... label though).

Anyway adding the option above:

  • Use random number
  • Use label (copy, hash, ...)
  • Use public key property
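
The lookup discussed in this thread, modelled as an added example (not part of the thread and not aziot_keyd's code): a consumer pairs a private key with its public key by CKA_ID, first with CKA_ID left at its empty default and then with the label copied into it. `Object`, `generate_pair` and `public_for` are hypothetical names, the labels are constructed, and no real PKCS#11 library is called.

```rust
// Constructed model of token objects; no real PKCS#11 library is called.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Class { PublicKey, PrivateKey }

#[derive(Clone, Debug, PartialEq)]
struct Object {
    class: Class,
    label: String, // CKA_LABEL
    id: Vec<u8>,   // CKA_ID (default empty)
}

#[derive(Debug, PartialEq)]
enum LookupError { NotFound, Ambiguous(usize) }

// Hypothetical key generation. set_id = false leaves CKA_ID at its empty
// default; set_id = true copies the label bytes into CKA_ID.
fn generate_pair(label: &str, set_id: bool) -> Vec<Object> {
    let id = if set_id { label.as_bytes().to_vec() } else { Vec::new() };
    vec![
        Object { class: Class::PublicKey, label: label.to_string(), id: id.clone() },
        Object { class: Class::PrivateKey, label: label.to_string(), id },
    ]
}

// Hypothetical consumer: find the one public key whose CKA_ID equals the
// private key's CKA_ID, and refuse to guess when several match.
fn public_for<'a>(token: &'a [Object], private: &Object) -> Result<&'a Object, LookupError> {
    let mut hits = token
        .iter()
        .filter(|o| o.class == Class::PublicKey && o.id == private.id);
    match (hits.next(), hits.count()) {
        (None, _) => Err(LookupError::NotFound),
        (Some(found), 0) => Ok(found),
        (Some(_), extra) => Err(LookupError::Ambiguous(extra + 1)),
    }
}

fn main() {
    for set_id in [false, true] {
        let mut token = generate_pair("device-id", set_id);
        token.extend(generate_pair("device-ca", set_id));
        // token[3] is the private key of the second pair.
        println!("set_id={set_id}: {:?}", public_for(&token, &token[3]));
    }
}
```

With two pairs on the token, the empty default matches both public keys, while the label-derived CKA_ID resolves to exactly one.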
