diff --git a/tf_fuzz/tfz-cpp/utility/data_blocks.cpp b/tf_fuzz/tfz-cpp/utility/data_blocks.cpp
index d80d46f..7a62d6b 100644
--- a/tf_fuzz/tfz-cpp/utility/data_blocks.cpp
+++ b/tf_fuzz/tfz-cpp/utility/data_blocks.cpp
@@ -357,7 +357,7 @@
 
 key_policy_info::key_policy_info (void)  // (default constructor)
 {
-    get_policy_from_key = false;  // specify policy asset by a key that uses it.
+    generate_get_policy_from_key_call = false;
     copy_key = false;  // not copying one key to another
     exportable = false;
     copyable = false;
@@ -368,7 +368,7 @@
     derivable= false;
     persistent= false;
 
-    get_policy_from_policy = "";
+    get_policy_info_from = "";
     key_type = "";
     key_algorithm = "";
     n_bits = 0;
diff --git a/tf_fuzz/tfz-cpp/utility/data_blocks.hpp b/tf_fuzz/tfz-cpp/utility/data_blocks.hpp
index 03b1294..5294de0 100644
--- a/tf_fuzz/tfz-cpp/utility/data_blocks.hpp
+++ b/tf_fuzz/tfz-cpp/utility/data_blocks.hpp
@@ -211,80 +211,89 @@
 class key_policy_info
 {
 public:
-    // Data members:
-    // Digested info:
-    /* if true, then we must get policy info from a stated key;  the asset
-      here is a key that uses the policy, and not the policy itself. */
-    bool get_policy_from_key;
+  /* if true, then we must get generate a call to get policy info from a stated
+    key. */
+  bool generate_get_policy_from_key_call;
 
-    // If set, the policy asset specified should be used to fill in the policy
-    // at simulation time. This overwrites the other values in the object.
-    //
-    // If blank, the values in the object are used as-is.
-    //
-    // See `psa_call::copy_policy_to_call`
-    string get_policy_from_policy;
+  // If set, the policy or key asset specified should be used to fill in the
+  // policy at simulation time. This overwrites the other values in the object.
+  //
+  // If blank, the values in the object are used as-is.
+  //
+  // See `psa_call::copy_policy_to_call`
+  string get_policy_info_from;
 
-    /* if true, then the key was defined with policy specifications, but not
-     a named policy, meaning that we have to create an implicit policy. */
-    bool implicit_policy;
-    bool copy_key = false;  // true to indicate copying one key to another
-    bool exportable=false;   // key data can be exported (viewed - fail exports if not).
-    bool copyable=false;     // can be copied (fail key-copies if not).
-    bool can_encrypt=false;  // OK for encryption (fail other uses).
-    bool can_decrypt=false;  // OK for decryption (fail other uses).
-    bool can_sign=false;     // OK for signing (fail other operations).
-    bool can_verify=false;   // OK for verifying a message signature (fail other uses).
-    bool derivable=false;    // OK for derive other keys (fail other uses).
-    bool persistent=false;   // must be deleted at the end of test.
+  /* if true, then the key was defined with policy specifications, but not
+   a named policy, meaning that we have to create an implicit policy. */
+  bool implicit_policy;
+  bool copy_key = false; // true to indicate copying one key to another
+  bool exportable =
+      false; // key data can be exported (viewed - fail exports if not).
+  bool copyable = false;    // can be copied (fail key-copies if not).
+  bool can_encrypt = false; // OK for encryption (fail other uses).
+  bool can_decrypt = false; // OK for decryption (fail other uses).
+  bool can_sign = false;    // OK for signing (fail other operations).
+  bool can_verify =
+      false; // OK for verifying a message signature (fail other uses).
+  bool derivable = false;  // OK for derive other keys (fail other uses).
+  bool persistent = false; // must be deleted at the end of test.
 
+  // no_<flag> denotes that <flag> must not be set in the key.
+  //
+  // For the above flags, truth means "must be set" and false means "don't
+  // care". Setting no_<flag> means "must not be set". no_<flag> takes
+  // presedence over <flag>.
 
-    // no_<flag> denotes that <flag> must not be set in the key.
-    //
-    // For the above flags, truth means "must be set" and false means "don't care".
-    // Setting no_<flag> means "must not be set". no_<flag> takes presedence over <flag>.
+  bool no_exportable = false;  // true to indicate that exportable must not be
+                               // set during randomisation
+  bool no_copyable = false;    // true to indicate that copyable must not be set
+                               // during randomisation
+  bool no_can_encrypt = false; // true to indicate that can_encrypt must not be
+                               // set during randomisation
+  bool no_can_decrypt = false; // true to indicate that can_decrypt must not be
+                               // set during randomisation
+  bool no_can_sign = false;    // true to indicate that can_sign must not be set
+                               // during randomisation
+  bool no_can_verify = false;  // true to indicate that can_verify must not be
+                               // set during randomisation
+  bool no_derivable = false;  // true to indicate that derivable must not be set
+                              // during randomisation
+  bool no_persistent = false; // true to indicate that persistent must not be
+                              // set during randomisation
 
-    bool no_exportable=false; // true to indicate that exportable must not be set during randomisation
-    bool no_copyable=false; // true to indicate that copyable must not be set during randomisation
-    bool no_can_encrypt=false; // true to indicate that can_encrypt must not be set during randomisation
-    bool no_can_decrypt=false; // true to indicate that can_decrypt must not be set during randomisation
-    bool no_can_sign=false; // true to indicate that can_sign must not be set during randomisation
-    bool no_can_verify=false; // true to indicate that can_verify must not be set during randomisation
-    bool no_derivable=false; // true to indicate that derivable must not be set during randomisation
-    bool no_persistent=false; // true to indicate that persistent must not be set during randomisation
+  string usage_string;
+  /* This string is set to a PSA_KEY_USAGE_* value in the template
+             immediately prior to making define_call<add_policy_usage_call>.
+             The copy_template_to_call() therein sets the corresponding string
+             in the call, and that is copied into the code in the
+     fill_in_command() invocation. */
+  string print_usage_true_string;
+  /* For printing out policy usage, this states how to describe the usage
+             if it can be used this way.  This is managed similarly with, and
+     used in conjunction with usage_string above.  NOTE:  THIS ALSO SERVES AS AN
+             INDICATOR WHETHER OR NOT TO PRINT ON A GET-USAGE CALL.  "" means
+     not to print. */
+  string print_usage_false_string;
+  /* Also for printing out policy usage, this is how to describe usage if
+             it cannot be used this way. */
+  string key_type; // AES, DES, RSA pair, DS public, etc.
+  string key_algorithm;
 
-    string usage_string;
-    /* This string is set to a PSA_KEY_USAGE_* value in the template
-               immediately prior to making define_call<add_policy_usage_call>.
-               The copy_template_to_call() therein sets the corresponding string
-               in the call, and that is copied into the code in the fill_in_command()
-               invocation. */
-    string print_usage_true_string;
-    /* For printing out policy usage, this states how to describe the usage
-               if it can be used this way.  This is managed similarly with, and used
-               in conjunction with usage_string above.  NOTE:  THIS ALSO SERVES AS AN
-               INDICATOR WHETHER OR NOT TO PRINT ON A GET-USAGE CALL.  "" means not
-               to print. */
-    string print_usage_false_string;
-    /* Also for printing out policy usage, this is how to describe usage if
-               it cannot be used this way. */
-    string key_type;   // AES, DES, RSA pair, DS public, etc.
-    string key_algorithm;
-    int n_bits;
-    // for get_key_info call (possibly others) exected key size in bits
-    string handle_str; // the text name of the key's "handle"
-    string key_data;   // the key data as best we can know it.
-    string asset_2_name;
-    // if there's a 2nd asset, such as policy on key call, this is its name
-    string asset_3_name;  // if there's a 3rd asset, then this is its name
+  // The key size. If <0, this will be re-generated by fill_in_policy.
+  int n_bits=-1;
+  // for get_key_info call (possibly others) exected key size in bits
+  string handle_str; // the text name of the key's "handle"
+  string key_data;   // the key data as best we can know it.
+  string asset_2_name;
+  // if there's a 2nd asset, such as policy on key call, this is its name
+  string asset_3_name; // if there's a 3rd asset, then this is its name
 
-    // Methods:
-    key_policy_info (void);  // (default constructor)
-    ~key_policy_info (void);  // (destructor)
+  // Methods:
+  key_policy_info(void);  // (default constructor)
+  ~key_policy_info(void); // (destructor)
 
-
-    /** Creates a random, but not necessarily valid, policy */
-    static key_policy_info create_random();
+  /** Creates a random, but not necessarily valid, policy */
+  static key_policy_info create_random();
 
 
 protected: