Add v4 of IServerPluginCallbacks.

public/engine/iserverplugin.h

@@ -46,7 +46,8 @@ typedef int QueryCvarCookie_t;
 
 #define INTERFACEVERSION_ISERVERPLUGINCALLBACKS_VERSION_1	"ISERVERPLUGINCALLBACKS001"
 #define INTERFACEVERSION_ISERVERPLUGINCALLBACKS_VERSION_2	"ISERVERPLUGINCALLBACKS002"
-#define INTERFACEVERSION_ISERVERPLUGINCALLBACKS				"ISERVERPLUGINCALLBACKS003"
+#define INTERFACEVERSION_ISERVERPLUGINCALLBACKS_VERSION_3	"ISERVERPLUGINCALLBACKS003"
+#define INTERFACEVERSION_ISERVERPLUGINCALLBACKS				"ISERVERPLUGINCALLBACKS004"
 
 //-----------------------------------------------------------------------------
 // Purpose: callbacks the engine exposes to the 3rd party plugins (ala MetaMod)
@@ -118,6 +119,38 @@ public:
 	// added with version 3 of the interface.
 	virtual void			OnEdictAllocated( edict_t *edict ) = 0;
 	virtual void			OnEdictFreed( const edict_t *edict  ) = 0;	
+
+	//
+	// Allow plugins to validate and configure network encryption keys (added in Version 4 of the interface)
+	// Game server must run with -externalnetworkcryptkey flag, and 3rd party client software must set the
+	// matching encryption key in the client game process.
+	//
+
+	// BNetworkCryptKeyCheckRequired allows the server to allow connections from clients or relays that don't have
+	// an encryption key. The function must return true if the client encryption key is required, and false if the client
+	// is allowed to connect without an encryption key. It is recommended that if client wants to use encryption key
+	// this function should return true to require it on the server side as well.
+	// Any plugin in the chain that returns true will flag connection to require encryption key for the engine and check
+	// with other plugins will not be continued.
+	// If no plugin returns true to require encryption key then the default implementation will require encryption key
+	// if the client wants to use it.
+	virtual bool			BNetworkCryptKeyCheckRequired( uint32 unFromIP, uint16 usFromPort, uint32 unAccountIdProvidedByClient,
+		bool bClientWantsToUseCryptKey ) = 0;
+
+	// BNetworkCryptKeyValidate allows the server to validate client's over the wire encrypted payload cookie and return
+	// false if the client cookie is malformed to prevent connection to the server. If this function returns true then
+	// the plugin allows the client to connect with the encryption key, and upon return the engine expects the plugin
+	// to have copied 16-bytes of client encryption key into the buffer pointed at by pbPlainTextKeyForNetChan. That key
+	// must match the plaintext key supplied by 3rd party client software to the client game process, not the client cookie
+	// transmitted unencrypted over the wire as part of the connection packet.
+	// Any plugin in the chain that returns true will stop evaluation of other plugins and the 16-bytes encryption key
+	// copied into pbPlainTextKeyForNetchan will be used. If a plugin returns false then evaluation of other plugins will
+	// continue and buffer data in pbPlainTextKeyForNetchan will be preserved from previous calls.
+	// If no plugin returns true and the encryption key is required then the client connection will be rejected with
+	// an invalid certificate error.
+	virtual bool			BNetworkCryptKeyValidate( uint32 unFromIP, uint16 usFromPort, uint32 unAccountIdProvidedByClient,
+		int nEncryptionKeyIndexFromClient, int numEncryptedBytesFromClient, byte *pbEncryptedBufferFromClient,
+		byte *pbPlainTextKeyForNetchan ) = 0;
 };
 
 #define INTERFACEVERSION_ISERVERPLUGINHELPERS			"ISERVERPLUGINHELPERS001"