Support aws-lc-rs fips digest option

[skeggse]

Currently it looks like the signing key generated for AWS requests via the aws-sigv4 crate uses the hmac crate. It'd be great to use aws-lc-rs for this operation so it can be made fips-compliant via the fips feature on the aws-lc-rs crate.

smithy-rs/aws/rust-runtime/aws-sigv4/src/sign/v4.rs

Lines 20 to 61 in 108d231

	/// Calculates a Sigv4 signature
	pub fn calculate_signature(signing_key: impl AsRef<[u8]>, string_to_sign: &[u8]) -> String {
	let mut mac = Hmac::<Sha256>::new_from_slice(signing_key.as_ref())
	.expect("HMAC can take key of any size");
	mac.update(string_to_sign);
	hex::encode(mac.finalize_fixed())
	}
	/// Generates a signing key for Sigv4
	pub fn generate_signing_key(
	secret: &str,
	time: SystemTime,
	region: &str,
	service: &str,
	) -> impl AsRef<[u8]> {
	// kSecret = your secret access key
	// kDate = HMAC("AWS4" + kSecret, Date)
	// kRegion = HMAC(kDate, Region)
	// kService = HMAC(kRegion, Service)
	// kSigning = HMAC(kService, "aws4_request")
	let secret = format!("AWS4{}", secret);
	let mut mac =
	Hmac::<Sha256>::new_from_slice(secret.as_ref()).expect("HMAC can take key of any size");
	mac.update(format_date(time).as_bytes());
	let tag = mac.finalize_fixed();
	// sign region
	let mut mac = Hmac::<Sha256>::new_from_slice(&tag).expect("HMAC can take key of any size");
	mac.update(region.as_bytes());
	let tag = mac.finalize_fixed();
	// sign service
	let mut mac = Hmac::<Sha256>::new_from_slice(&tag).expect("HMAC can take key of any size");
	mac.update(service.as_bytes());
	let tag = mac.finalize_fixed();
	// sign request
	let mut mac = Hmac::<Sha256>::new_from_slice(&tag).expect("HMAC can take key of any size");
	mac.update("aws4_request".as_bytes());
	mac.finalize_fixed()
	}