[KMS] For Sign / Verify - confirm that it is necessary and implement digest calculation based on SigningAlgorithm. #7158

@ghost

Description

Is there an existing issue for this?

  • I have searched the existing issues

Feature description

Currently, we always calculate SHA256 digests for messages with RAW MessageType.

It is not clear if this is compatible with AWS. There are some reports like this one about our implementation of Sign / Verify not working properly. Could be due to these digests.

What has to be done:

  1. Should try to figure out how AWS calculates digests, whether the same algorithm is always used, or if digests are based on SigningAlgorithm. For this we can try importing the same key material into both AWS and LocalStack, using the resulting keys to sign the same message and then comparing the signatures, if that works. If not, we can try just creating a key in AWS, signing a message with AWS, exporting the public key and then going through different digest algorithms in LocalStack, trying to verify the signed message with the obtained public key.
  2. If the issue is really in our implementation of digests - should fix the digest logic.

🧑‍💻 Implementation

No response

Anything else?

No response
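
The second approach in step 1 (try each digest against a signature until one verifies), as an added example that is not part of the original issue and is not LocalStack code. It assumes the `cryptography` package, covers only the RSASSA_PKCS1_V1_5 family, and uses a locally generated key as a stand-in for a key whose public half would be exported from AWS; `sign_raw` and `digests_that_verify` are hypothetical names.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# KMS SigningAlgorithm names (PKCS#1 v1.5 family only) -> digest to try.
DIGESTS = {
    "RSASSA_PKCS1_V1_5_SHA_256": hashes.SHA256(),
    "RSASSA_PKCS1_V1_5_SHA_384": hashes.SHA384(),
    "RSASSA_PKCS1_V1_5_SHA_512": hashes.SHA512(),
}


def sign_raw(private_key, message, signing_algorithm, always_sha256=False):
    """Sign a RAW message (hypothetical helper).

    always_sha256=True models the behaviour the issue suspects: the digest
    is SHA-256 no matter which SigningAlgorithm was requested.
    """
    digest = hashes.SHA256() if always_sha256 else DIGESTS[signing_algorithm]
    return private_key.sign(message, padding.PKCS1v15(), digest)


def digests_that_verify(public_key, message, signature):
    """Return every candidate algorithm under which the signature verifies."""
    matches = []
    for name, digest in DIGESTS.items():
        try:
            public_key.verify(signature, message, padding.PKCS1v15(), digest)
            matches.append(name)
        except InvalidSignature:
            pass  # wrong digest for this signature, try the next one
    return matches


# Constructed test data: this key stands in for the exported AWS public key.
KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)
MESSAGE = b"constructed sample message"

if __name__ == "__main__":
    for algorithm in DIGESTS:
        for flag in (False, True):
            sig = sign_raw(KEY, MESSAGE, algorithm, always_sha256=flag)
            found = digests_that_verify(KEY.public_key(), MESSAGE, sig)
            print(f"requested={algorithm} always_sha256={flag} -> {found}")
```

If the digest reported by `digests_that_verify` differs from the one named in the requested SigningAlgorithm, the signer is not deriving its digest from SigningAlgorithm.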

Metadata

Labels

  • aws:kms (AWS Key Management Service)
  • status: resolved/fixed (Resolved with a fix or an implementation)
  • type: bug (Bug report)
