Reputation: 3784
I want to sign a message.
I am using Bouncycastle (more accurately, the Android version, SpongyCastle).
My code is the following:

```java
Signature instance = Signature.getInstance("SHA256withRSA/PSS", "BC");
MGF1ParameterSpec mgf1ParameterSpec = new MGF1ParameterSpec("SHA-256");
PSSParameterSpec pssParameterSpec = new PSSParameterSpec("SHA-256", "MGF1", mgf1ParameterSpec, 512, 1);
instance.setParameter(pssParameterSpec);
instance.initSign(privateKey);
instance.update(msg.getBytes());
byte[] signature = instance.sign();
```

When trying to check the signature with another device (and another technology), I noticed that the "salt_length" was not '512' but '32'.
And more than that, if I modify the PSSParameterSpec constructor, it doesn't matter, the "salt_length" will always be '32', even if I don't use the instance.setParameter(pssParameterSpec).
It looks like instance.setParameter(pssParameterSpec) does nothing.
Is it normal?
Any idea how to change the value of "salt_length"?
Upvotes: 3
Views: 1801
Reputation: 31209
After a lot of head-scratching it appears the order of initSign/initVerify and setParameter does matter on Android.
Using the same algorithm (without BouncyCastle in my case) requires setting the parameters after initialization, otherwise the default values are used:

```java
signature.initVerify(publicKey);
signature.setParameter(new PSSParameterSpec(...));
```

This of course raises more questions about portability. The only lead I managed to find is this JDK bug report, although in my case the same provider is selected in both cases and still fails when setting the parameters before initialization.
Upvotes: 2
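
An added example, not code from either post: a round-trip check that the requested PSS salt length was really applied, by signing with init-then-setParameter (the order the answer reports working) and verifying once at the requested length and once at 32, the length the question observed. Assumptions: the class and helper names, the throwaway 2048-bit key and the 64-byte salt are constructed for illustration, and the default algorithm name "RSASSA-PSS" is the stock JDK 11+ name; pass "SHA256withRSA/PSS" as the first argument where the provider uses the name from the question.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAKey;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

public class PssSaltCheck {
    // PSSParameterSpec counts the salt in bytes; SHA-256 for both the digest and MGF1.
    static PSSParameterSpec pss(int saltLen) {
        return new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, saltLen, 1);
    }

    // Largest salt EMSA-PSS can encode: emLen - hLen - 2 (RFC 8017, section 9.1.1).
    static int maxSaltBytes(int modulusBits, int hashBytes) {
        return (modulusBits - 1 + 7) / 8 - hashBytes - 2;
    }

    static byte[] sign(String alg, PrivateKey key, byte[] msg, int saltLen) throws GeneralSecurityException {
        Signature s = Signature.getInstance(alg);
        s.initSign(key);
        s.setParameter(pss(saltLen)); // set after init, the order the answer reports working
        s.update(msg);
        return s.sign();
    }

    static boolean verify(String alg, PublicKey key, byte[] msg, byte[] sig, int saltLen) throws GeneralSecurityException {
        Signature v = Signature.getInstance(alg);
        v.initVerify(key);
        v.setParameter(pss(saltLen));
        v.update(msg);
        try { return v.verify(sig); } catch (SignatureException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: "RSASSA-PSS" is the stock JDK 11+ name; override via args[0] for other providers.
        String alg = args.length > 0 ? args[0] : "RSASSA-PSS";
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key, generated for this run only
        int wanted = 64, fallback = 32;     // constructed values; 32 is the length the question observed
        int max = maxSaltBytes(((RSAKey) kp.getPublic()).getModulus().bitLength(), 32);
        if (wanted > max) throw new IllegalArgumentException("salt " + wanted + " > max " + max);
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(alg, kp.getPrivate(), msg, wanted);
        boolean okWanted = verify(alg, kp.getPublic(), msg, sig, wanted);
        boolean okFallback = verify(alg, kp.getPublic(), msg, sig, fallback);
        System.out.println("max salt=" + max + " verify@" + wanted + "=" + okWanted + " verify@" + fallback + "=" + okFallback);
        // A signature that verifies at 32 but not at 64 means the signer ignored setParameter.
        if (!okWanted || okFallback) throw new IllegalStateException("requested salt length was not applied");
    }
}
```

The `maxSaltBytes` guard matters because the salt must fit in the encoded message alongside the hash: with SHA-256 a 2048-bit key can carry at most 222 salt bytes.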