Is KDF based on HMAC-SHA-256(Hashed Message Authentication Code, Secure Hash Algorithm) algorithm a suitable option to generate symmetric key from the secret key?
What is the basic funda, behind using KDF after getting the secret key. Can the secret key itself be used as the symmetric key.
Yes, according to NIST SP 800-56A revision 2, a KDF based on HMAC-SHA-256 is a suitable option.
The basic idea behind using a Key Based Key Derivation Function KBKDF is that the output of the the primitive within the key agreement protocol (DH, ECDH) returns enough entropy for a key to be created. However that entropy may still be distinguishable from random. For instance, the first bit of the secret after a Diffie-Hellman key agreement will certainly be biased. Hence it is required that a KDF extracts the entropy into a key that is indistinguishable from random.
Besides the extraction of the entropy, the KDF may also be used to expand the amount of key material. This key material can be generated by supplying different otherInfo or counter to the KDF (preferred) or by requesting a larger output from the KDF. Note that the entropy within the keys is still bounded by the entropy in the output of the extraction phase or the internal state of the KDF.
The question if the secret can be used as symmetric key directly depends on the key agreement used. I've asked a specific question for Diffie-Hellman here. Note that the KDF calculation should take a small amount of processor time and memory, especially compared to for instance DH or ECDH.
