PBKDF2 key generation using pkcs11interop, c#, windows visual studio 2010

1

How to make an attribute template for PBKDF2 key generation in pkcs11interop?

Below is my trial code:

byte[] randomSalt = session.GenerateRandom(20);

objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKZ.CKZ_SALT_SPECIFIED));    
objectAttributes.Add(new ObjectAttribute(CKA.CKA_VALUE, randomSalt));    
objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, 1000));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, 0x00000004));    
objectAttributes.Add(new ObjectAttribute(CKA.CKA_VALUE, new byte[] { }));    
objectAttributes.Add(new ObjectAttribute(CKA.CKA_VALUE, Encoding.UTF8.GetBytes("password")));

Mechanism mechanism = new Mechanism(CKM.CKM_PKCS5_PBKD2);
ObjectHandle objectHandle = session.GenerateKey(mechanism, objectAttributes);

With this I am getting a CKR_MECHANISM_INVALID exception.

c#
windows
visual-studio-2010
pkcs#11
pkcs11interop
asked on Stack Overflow Mar 22, 2018 by unique12313123231 • edited Mar 22, 2018 by unique12313123231

1 Answer

1

The first problem is that you are trying to provide parameters to the CKM_PKCS5_PBKD2 mechanism via a list of ObjectAttribute-s instead of a CkPkcs5Pbkd2Params class instance. For more information, take a look at chapter 12.26.9 of the PKCS#11 v2.20 specification.

The second problem is that your unmanaged PKCS#11 library most likely does not support the CKM_PKCS5_PBKD2 mechanism at all, because by returning the CKR_MECHANISM_INVALID error your unmanaged PKCS#11 library is telling you that "An invalid mechanism was specified to the cryptographic operation". You can use the GetMechanismInfo() method to check whether the mechanism is supported:

if (!slot.GetMechanismList().Contains(CKM.CKM_PKCS5_PBKD2))
    throw new Exception("Unmanaged PKCS#11 library does not support CKM_PKCS5_PBKD2 mechanism");
answered on Stack Overflow Mar 22, 2018 by jariq
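
Both points of the answer combined into one routine, as an added example that is not part of the original answer or of Pkcs11Interop's own code. It assumes the Pkcs11Interop 4.x HighLevelAPI, that the `CkPkcs5Pbkd2Params` constructor takes its arguments in the field order of `CK_PKCS5_PBKD2_PARAMS` and accepts `null` for the unused PRF data, and an already opened session; the class name, method name and 32-byte key length are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;
using Net.Pkcs11Interop.HighLevelAPI.MechanismParams;

public static class Pbkdf2Example // hypothetical helper, not part of Pkcs11Interop
{
    // Assumes Pkcs11Interop 4.x and a session that was opened on the given slot.
    public static ObjectHandle GenerateKeyFromPassword(Slot slot, Session session, string password)
    {
        // A token without the mechanism answers CKR_MECHANISM_INVALID, so check first.
        if (!slot.GetMechanismList().Contains(CKM.CKM_PKCS5_PBKD2))
            throw new NotSupportedException("Token does not support CKM_PKCS5_PBKD2");

        byte[] salt = session.GenerateRandom(20); // salt length taken from the question
        const ulong iterations = 1000;            // value from the question; set per your own policy

        // Salt, iteration count, PRF and password are mechanism parameters
        // (CK_PKCS5_PBKD2_PARAMS), not attributes of the key object.
        using (var pbkdParams = new CkPkcs5Pbkd2Params(
            (ulong)CKZ.CKZ_SALT_SPECIFIED, salt,
            iterations,
            (ulong)CKP.CKP_PKCS5_PBKD2_HMAC_SHA1, null, // HMAC-SHA1 takes no PRF data
            Encoding.UTF8.GetBytes(password)))
        using (var mechanism = new Mechanism(CKM.CKM_PKCS5_PBKD2, pbkdParams))
        {
            // The template describes only the key object that the token creates.
            var template = new List<ObjectAttribute>
            {
                new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY),
                new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_GENERIC_SECRET),
                new ObjectAttribute(CKA.CKA_VALUE_LEN, 32UL), // constructed value: 32-byte key
                new ObjectAttribute(CKA.CKA_TOKEN, false),    // session object, not persisted
                new ObjectAttribute(CKA.CKA_SENSITIVE, true),
                new ObjectAttribute(CKA.CKA_EXTRACTABLE, false)
            };
            return session.GenerateKey(mechanism, template);
        }
    }
}
```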

User contributions licensed under CC BY-SA 3.0