Short-circuit when cached encryption key already exists

FrederikBolding · FrederikBolding · commit 1adf53ce51eb · 2024-10-18T12:49:35.000+02:00
diff --git a/packages/snaps-controllers/coverage.json b/packages/snaps-controllers/coverage.json
@@ -1,5 +1,5 @@
 {
-  "branches": 92.63,
+  "branches": 92.69,
   "functions": 96.65,
   "lines": 97.97,
   "statements": 97.67
diff --git a/packages/snaps-controllers/src/snaps/SnapController.ts b/packages/snaps-controllers/src/snaps/SnapController.ts
@@ -1734,6 +1734,17 @@ export class SnapController extends BaseController<
     return { key: encryptionKey, salt };
   }
 
+  /**
+   * Check if a given Snap has a cached encryption key stored in the runtime.
+   *
+   * @param snapId - The Snap ID.
+   * @returns True if the Snap has a cached encryption key, otherwise false.
+   */
+  #hasCachedEncryptionKey(snapId: SnapId) {
+    const runtime = this.#getRuntimeExpect(snapId);
+    return runtime.encryptionKey !== null && runtime.encryptionSalt !== null;
+  }
+
   /**
    * Decrypt the encrypted state for a given Snap.
    *
@@ -1748,7 +1759,11 @@ export class SnapController extends BaseController<
       // This lets us skip JSON validation.
       const parsed = JSON.parse(state) as EncryptionResult;
       const { salt, keyMetadata } = parsed;
-      const useCache = this.#encryptor.isVaultUpdated(state);
+
+      // We only cache encryption keys if they are already cached or if the encryption key is using the latest key derivation params.
+      const useCache =
+        this.#hasCachedEncryptionKey(snapId) ||
+        this.#encryptor.isVaultUpdated(state);
       const { key } = await this.#getSnapEncryptionKey({
         snapId,
         salt,

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`{`
`2`		`- "branches": 92.63,`
	`2`	`+ "branches": 92.69,`
`3`	`3`	`"functions": 96.65,`
`4`	`4`	`"lines": 97.97,`
`5`	`5`	`"statements": 97.67`