Niels Möller nisse@lysator.liu.se writes:
I'm leaning towards deleting this support (leaving extra hashing to applications that need it) for Nettle-4.0, to keep things simple. It can be added back later if there are compelling use cases.
One case are the hkdf test vectors in RFC 5869, where the salt argument to HKFD-Extract is used as the hmac key, and some test vectors use an 80-byte salt, for sha256 and sha1. And also HKDF-Expand allows large prk input, even if typically it is the size of a digest.
Not clear to me if those test vectors represent a typical or reasonable use of hkdf?
But then Nettle's hkdf_extract and hkdf_expand functions don't quite match the RFC, in that they take an already initialized mac context as argument, leaving the actual hmac_*_set_key call to the application.
/Niels