leancrypto: add initial recipe

Cryptographic library that exclusively contains
Quantum resistant cryptographic algorithms. It is lean has minimal dependencies,
supports stack-only operation and provides optimized implementations for
ML-KEM (Kyber), ML-DSA (Dilithium), SLH-DSA (Sphincs+) and many more

Signed-off-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>

meta-oe/recipes-crypto/leancrypto/files/0001-fix-strip-absolute-build-paths-from-DWARF-debug-info.patch

@@ -0,0 +1,40 @@
+From 5a3c770b24a40a4e32154f25fdba3b685b0221d2 Mon Sep 17 00:00:00 2001
+From: Ayoub Zaki <ayoub.zaki@embetrix.com>
+Date: Thu, 19 Mar 2026 09:29:10 +0100
+Subject: [PATCH] fix: strip absolute build paths from DWARF debug info for
+ reproducible builds
+
+Upstream-Status: Backport [https://github.com/smuellerDD/leancrypto/commit/6561beeadf7376cc0815d937ee8d231a3bbbcba8]
+Signed-off-by: Stephan Mueller <smueller@chronox.de>
+Signed-off-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
+---
+ meson.build | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/meson.build b/meson.build
+index 03616319..ba9bbcbd 100644
+--- a/meson.build
++++ b/meson.build
+@@ -121,6 +121,19 @@ endif
+ if get_option('dilithium_debug').enabled()
+ 	add_global_arguments([ '-DLC_DILITHIUM_DEBUG' ], language: 'c')
+ endif
++
++# Strip build directory paths from debug info to avoid buildpaths warnings
++# in debug packages
++if cc.has_argument('-ffile-prefix-map=/dev/null=/dev/null')
++	add_global_arguments([
++		'-ffile-prefix-map=' + meson.project_source_root() + '/=',
++		'-ffile-prefix-map=' + meson.project_build_root() + '/=',
++	], language: 'c')
++	add_project_link_arguments([
++		'-ffile-prefix-map=' + meson.project_source_root() + '/=',
++		'-ffile-prefix-map=' + meson.project_build_root() + '/=',
++	], language : 'c')
++endif
+ if get_option('kyber_debug').enabled()
+ 	add_global_arguments([ '-DLC_KYBER_DEBUG' ], language: 'c')
+ endif
+-- 
+2.43.0
+

meta-oe/recipes-crypto/leancrypto/files/leancrypto-tests.sh

@@ -0,0 +1,57 @@
+#!/bin/sh
+# SPDX-License-Identifier: MIT
+#
+# leancrypto test runner
+# Runs all leancrypto test binaries and reports pass/fail summary
+#
+
+TESTDIR="/usr/libexec/leancrypto/tests"
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+YELLOW='\033[0;33m'
+NC='\033[0m'
+PASS=0
+FAIL=0
+SKIP=0
+FAILED=""
+
+if [ ! -d "$TESTDIR" ]; then
+    echo "ERROR: Test directory $TESTDIR not found"
+    exit 1
+fi
+
+count=$(find "$TESTDIR" -maxdepth 1 -type f -executable | wc -l)
+if [ "$count" -eq 0 ]; then
+    echo "ERROR: No test binaries found in $TESTDIR"
+    exit 1
+fi
+
+echo "Running $count leancrypto tests..."
+echo ""
+
+for t in "$TESTDIR"/*; do
+    [ -x "$t" ] || continue
+    name=$(basename "$t")
+    printf "%-60s " "$name"
+    "$t" > /dev/null 2>&1
+    rc=$?
+    if [ "$rc" -eq 0 ]; then
+        printf "${GREEN}PASS${NC}\n"
+        PASS=$((PASS + 1))
+    elif [ "$rc" -eq 77 ]; then
+        printf "${YELLOW}SKIP${NC}\n"
+        SKIP=$((SKIP + 1))
+    else
+        printf "${RED}FAIL${NC}\n"
+        FAIL=$((FAIL + 1))
+        FAILED="$FAILED $name"
+    fi
+done
+
+echo ""
+echo "Results: $PASS passed, $FAIL failed, $SKIP skipped, $((PASS + FAIL + SKIP)) total"
+
+if [ "$FAIL" -gt 0 ]; then
+    echo "Failed tests:$FAILED"
+    exit 1
+fi

meta-oe/recipes-crypto/leancrypto/leancrypto_1.6.0.bb

@@ -0,0 +1,56 @@
+SUMMARY = "Lean cryptographic library with PQC-resistant algorithms"
+DESCRIPTION = "leancrypto is a cryptographic library that exclusively contains \
+PQC-resistant cryptographic algorithms. It is lean, has minimal dependencies, \
+supports stack-only operation and provides optimized implementations for \
+ML-KEM (Kyber), ML-DSA (Dilithium), SLH-DSA (Sphincs+) and many more"
+HOMEPAGE = "https://leancrypto.org"
+LICENSE = "BSD-3-Clause | GPL-2.0-only"
+LIC_FILES_CHKSUM = " \
+    file://LICENSE;md5=7e96f38306550c165071e7cab7b6b824 \
+    file://LICENSE.bsd;md5=66a5cedaf62c4b2637025f049f9b826f \
+    file://LICENSE.gplv2;md5=eb723b61539feef013de476e68b5c50a \
+    "
+SECTION = "libs"
+SRC_URI = "git://github.com/smuellerDD/leancrypto.git;branch=master;protocol=https \
+           file://0001-fix-strip-absolute-build-paths-from-DWARF-debug-info.patch \
+           file://leancrypto-tests.sh \
+           "
+# SRCREV tagged v1.6.0
+SRCREV = "38215249fbe3951d1992b12447fca3c0c5e7e245"
+
+inherit pkgconfig meson
+
+EXTRA_OEMESON = "-Dstrip=false"
+
+PACKAGECONFIG ??= "secure-exec apps tests"
+PACKAGECONFIG[apps] = "-Dapps=enabled,-Dapps=disabled"
+PACKAGECONFIG[small-stack] = "-Dsmall_stack=enabled,-Dsmall_stack=disabled"
+PACKAGECONFIG[no-asm] = "-Ddisable-asm=true,-Ddisable-asm=false"
+PACKAGECONFIG[efi] = "-Defi=enabled,-Defi=disabled"
+PACKAGECONFIG[secure-exec] = "-Dsecure_execution=enabled,-Dsecure_execution=disabled"
+PACKAGECONFIG[tests] = "-Dtests=enabled,-Dtests=disabled"
+
+do_install:append () {
+    if ${@bb.utils.contains('PACKAGECONFIG', 'tests', 'true', 'false', d)}; then
+        install -d ${D}${libexecdir}/leancrypto/tests
+        for t in $(find ${B} -maxdepth 3 -type f -executable \( -name '*_tester*' -o -name '*_test' \)); do
+            basename=$(basename "$t")
+            install -m 0755 "$t" ${D}${libexecdir}/leancrypto/tests/leancrypto_${basename}
+        done
+        install -d ${D}${bindir}
+        install -m 0755 ${UNPACKDIR}/leancrypto-tests.sh ${D}${bindir}/leancrypto-tests
+    fi
+}
+
+PACKAGES =+ "${PN}-tests ${PN}-apps"
+
+RDEPENDS:${PN}-apps += "${PN}"
+FILES:${PN}-apps = "${bindir}/lc_* \
+                    ${libexecdir}/leancrypto \
+                    "
+RDEPENDS:${PN}-tests += "${PN}"
+FILES:${PN}-tests = "${bindir}/leancrypto-tests \
+                    ${libexecdir}/leancrypto/tests \
+                    "
+
+BBCLASSEXTEND = "native nativesdk"