U2F doesn't allow cancellation on device.
Also fix button state in protect. This fixes the following bug:
1. wipe device
2. press and hold right button, click left button to cancel.
3. release all buttons.
4. wipe device again, now automatic.
Instead of reflashing the whole storage, we use a designated area
in the second storage block, where we mark each PIN failure by a
single zero bit. This is because one can set bits in flash to zero but
not to one. If the PIN was entered successfully the whole word is
set to zero and the next word stores the new PIN failure counter.
Added usbDelay that polls usb port (for system requests) while delaying.
This is called instead of delay in the button and pin delay functions.
Experimental evaluation gave that the cycle count should be roughly divided
by 28.5.
This diff contains three changes.
1. Make timing isPinCorrect independent of storage.pin, to avoid timing attacks
2. Only update failed PIN counter if the user entered a PIN.
Of course, the fail counter is still incremented, before the PIN is checked.
3. Don't cache the PIN, but just the fact that the PIN was entered. The
cache should be in sync with storage.pin in any case.
Pavol Rusnak
Jochen Hoenicke