* cipher/kdf.c (prng_aes_ctr_init, prng_aes_ctr_get_rand64): New.
(prng_aes_ctr_fini, ballon_context_size): New.
(balloon_open): Implement with SHA-256.
(balloon_xor_block, balloon_compress, balloon_expand): New.
(balloon_compute_fill, balloon_compute_mix, balloon_compute): New.
(balloon_compute_all, balloon_final, balloon_close): New.
(_gcry_kdf_open): Check argument for GCRY_KDF_BALLOON.
(_gcry_kdf_compute): Dispatch for GCRY_KDF_BALLOON.
(_gcry_kdf_final, _gcry_kdf_close): Likewise.
* tests/t-kdf.c (check_balloon): New.
(main): Add check_balloon.