⚡️ Memoize salted_password for AUTHENTICATE SCRAM

nevans · nevans · commit 6378558634a2 · 2026-04-19T05:19:23.000-04:00
`SASL::ScramAlgorithm` and `SASL::ScramAuthenticator` use
`salted_password` _at least_ twice: once to compute `client_key` and
once to compute `server_key`.  It is actually used more than that, since
`client_key` and `server_key` are also used multiple times each.
Computing `salted_password` is _intentionally_ computationally
expensive, so it should be cached.

Although `client_key` and `server_key` are far less computationally
expensive, they _are_ used multiple times, so they are memoized too.

Ultimately, we _could_ memoize most of the methods in `ScramAlgorithm`,
but I've decided to keep it simple by only memoizing these three.
diff --git a/lib/net/imap/sasl/scram_authenticator.rb b/lib/net/imap/sasl/scram_authenticator.rb
@@ -100,6 +100,9 @@ def initialize(username_arg = nil, password_arg = nil,
           @server_first_message = @snonce = @salt = @iterations = nil
           @server_error = nil
 
+          # Memoized after @salt and @iterations have been sent.
+          @salted_password = @client_key = @server_key = nil
+
           # These values are created and cached in response to server challenges
           @client_first_message_bare = nil
           @client_final_message_without_proof = nil
@@ -155,6 +158,15 @@ def initialize(username_arg = nil, password_arg = nil,
         # Net::IMAP::NoResponseError.
         attr_reader :server_error
 
+        # Memoized ScramAlgorithm#salted_password (needs #salt and #iterations)
+        def salted_password = @salted_password ||= compute_salted { super }
+
+        # Memoized ScramAlgorithm#client_key (needs #salt and #iterations)
+        def client_key = @client_key ||= compute_salted { super }
+
+        # Memoized ScramAlgorithm#server_key (needs #salt and #iterations)
+        def server_key = @server_key ||= compute_salted { super }
+
         # Returns a new OpenSSL::Digest object, set to the appropriate hash
         # function for the chosen mechanism.
         #
@@ -194,6 +206,13 @@ def done?; @state == :done end
 
         private
 
+        # Checks for +salt+ and +iterations+ before yielding
+        def compute_salted
+          salt       in String  or raise Error, "unknown salt"
+          iterations in Integer or raise Error, "unknown iterations"
+          yield
+        end
+
         # Need to store this for auth_message
         attr_reader :server_first_message
 
