Short-circuit when cached encryption key already exists

MetaMask · Oct 22, 2024 · 81776df · 81776df
1 parent dff5de7
commit 81776df
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 4 deletions.
diff --git a/packages/snaps-controllers/coverage.json b/packages/snaps-controllers/coverage.json
@@ -1,6 +1,6 @@
 {
-  "branches": 92.67,
+  "branches": 92.73,
   "functions": 96.65,
-  "lines": 97.98,
-  "statements": 97.68
+  "lines": 97.99,
+  "statements": 97.69
 }
diff --git a/packages/snaps-controllers/src/snaps/SnapController.ts b/packages/snaps-controllers/src/snaps/SnapController.ts
@@ -1747,6 +1747,17 @@ export class SnapController extends BaseController<
     return { key: encryptionKey, salt };
   }
 
+  /**
+   * Check if a given Snap has a cached encryption key stored in the runtime.
+   *
+   * @param snapId - The Snap ID.
+   * @returns True if the Snap has a cached encryption key, otherwise false.
+   */
+  #hasCachedEncryptionKey(snapId: SnapId) {
+    const runtime = this.#getRuntimeExpect(snapId);
+    return runtime.encryptionKey !== null && runtime.encryptionSalt !== null;
+  }
+
   /**
    * Decrypt the encrypted state for a given Snap.
    *
@@ -1761,7 +1772,11 @@ export class SnapController extends BaseController<
       // This lets us skip JSON validation.
       const parsed = JSON.parse(state) as EncryptionResult;
       const { salt, keyMetadata } = parsed;
-      const useCache = this.#encryptor.isVaultUpdated(state);
+
+      // We only cache encryption keys if they are already cached or if the encryption key is using the latest key derivation params.
+      const useCache =
+        this.#hasCachedEncryptionKey(snapId) ||
+        this.#encryptor.isVaultUpdated(state);
       const { key } = await this.#getSnapEncryptionKey({
         snapId,
         salt,