diff --git a/export_test.go b/export_test.go
index 572cedbc..cdba8e34 100644
--- a/export_test.go
+++ b/export_test.go
@@ -135,3 +135,13 @@ func MockKeyDataVersion(n int) (restore func()) {
 keyDataVersion = orig
 }
 }
+
+func MockHashAlgAvailable() (restore func()) {
+ orig := hashAlgAvailable
+ hashAlgAvailable = func(*hashAlg) bool {
+ return false
+ }
+ return func() {
+ hashAlgAvailable = orig
+ }
+}
diff --git a/keydata.go b/keydata.go
index 3a33edb1..7bdc50c0 100644
--- a/keydata.go
+++ b/keydata.go
@@ -192,6 +192,8 @@ type KeyDataReader interface {
 // hashAlg corresponds to a digest algorithm.
 type hashAlg crypto.Hash
 
+var hashAlgAvailable = (*hashAlg).Available
+
 func (a hashAlg) Available() bool {
 return crypto.Hash(a).Available()
 }
@@ -526,7 +528,7 @@ func (d *KeyData) derivePassphraseKeys(passphrase string, kdf KDF) (key, iv, aut
 }
 
 kdfAlg := d.data.KDFAlg
- if !kdfAlg.Available() {
+ if !hashAlgAvailable(&kdfAlg) {
 return nil, nil, nil, fmt.Errorf("unavailable leaf KDF digest algorithm %v", kdfAlg)
 }
 
diff --git a/keydata_test.go b/keydata_test.go
index 08999686..1adab78e 100644
--- a/keydata_test.go
+++ b/keydata_test.go
@@ -886,6 +886,14 @@ func (s *keyDataSuite) TestRecoverKeysWithPassphraseInvalidAuthKeySize(c *C) {
 })
 }
 
+func (s *keyDataSuite) TestRecoverKeysWithPassphraseUnavailableKDF(c *C) {
+ restore := MockHashAlgAvailable()
+ defer restore()
+ s.testRecoverKeysWithPassphraseErrorHandling(c, &testRecoverKeysWithPassphraseErrorHandlingData{
+ errMsg: fmt.Sprintf("unavailable leaf KDF digest algorithm %d", crypto.SHA256),
+ })
+}
+
 func (s *keyDataSuite) TestNewKeyDataWithPassphraseNotSupported(c *C) {
 // Test that creation of a new key data with passphrase fails when the
 // platform handler doesn't have passphrase support.
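Review bot: `MockHashAlgAvailable` in export_test.go has no doc comment, and its name does not reveal that the replacement reports every digest as unavailable (`return false` whatever `*hashAlg` it is given). I would add `// MockHashAlgAvailable makes hashAlgAvailable report every digest algorithm as unavailable until the returned restore function is called.` above it. The helper swaps a package-level variable, so a test using it cannot safely run concurrently with another test that derives passphrase keys; a second comment line should say so.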
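Review bot: The new `hashAlgAvailable` variable in keydata.go (the `@@ -192` hunk) is declared without a comment, although it now decides whether the KDF digest read from `d.data.KDFAlg` is accepted in `derivePassphraseKeys` (the `@@ -526` hunk). A line such as `// hashAlgAvailable is indirected so tests can simulate a missing digest; it must not be reassigned outside export_test.go.` would make the test-seam intent explicit. Only that one call site is switched to the variable in this diff. If code outside these hunks still calls `Available()` directly, the mock will not cover it, which may or may not be intended.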
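Review bot: The expected message in `TestRecoverKeysWithPassphraseUnavailableKDF` is built with `%d`, which pins the production error to the bare numeric id of the digest rather than its name. `hashAlg` is a defined type over `crypto.Hash`, so the `%v` in the `fmt.Errorf` call of `derivePassphraseKeys` appears to print only the number. Converting there, `fmt.Errorf("unavailable leaf KDF digest algorithm %v", crypto.Hash(kdfAlg))`, and using `%v` in the test would give an operator a readable algorithm name. The test also assumes the helper's key data uses SHA-256 as its KDF digest, which is not visible in this hunk.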