
What are the meanings of SEC_PARAM_MITM and SEC_PARAM_LESC

I learned that pairing consists of 3 phases (Exchange of Pairing Information, Authentication, Key distribution) and TK, STK are generated at the phase of Authentication and the remainder of the keys are generated at the phase of Key distribution when the connection is encrypted by using the STK.

So does enabling SEC_PARAM_MITM (Man In The Middle protection) mean that the SoftDevice generates TK, STK?

So does enabling SEC_PARAM_LESC mean that the SoftDevice distributes LTK, IRK, CSRK?

But it is possible to pair when SEC_PARAM_MITM=0, SEC_PARAM_LESC=1, although TK, STK are not generated so the connection is not encrypted by using the STK.

Am I misunderstanding?

  • First you have to separate between LE legacy pairing and LE Secure Connections (LESC) pairing.

    If both devices support LESC, LESC will be used, otherwise LE legacy pairing will be used. If you set SEC_PARAM_LESC to 1 you will say to the peer that you support LESC. In LESC you don't have TK, STK++, see the Vol 3, Part H, Section 2.3 in the Bluetooth Core 5 specification.

    In LE legacy pairing the IO capabilities, Out of Band (OOB) authentication data availability, and MITM protection requirement determine the generation method of a temporary key (TK). The TK is then used to generate the short term key (STK).

    There are three possible TK generation methods:

    • Just Works
    • Passkey Entry
    • OOB

    If both devices have OOB set it will be used. If at least one of the devices has MITM set, Passkey Entry will be used (if possible), if not Just Works will be used.

    So if you set SEC_PARAM_MITM to 1 you will say to the peer that you require MITM protection.

    To distribute keys you have to bond, and you will only bond if both devices want to bond. By setting SEC_PARAM_BOND to 1 you will say to the peer that you want to bond.
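
The selection rules from the answer above, as an added C example that is not part of the original thread or of Nordic's SDK. The struct, enum and function names are hypothetical, and the "if possible" check for Passkey Entry is filled in from the Core specification's IO capability mapping for legacy pairing (a keyboard on one side, some input or output on the other).

```c
#include <stdbool.h>
#include <stdio.h>

/* SMP IO capability values, in the order the Core spec numbers them (0..4). */
typedef enum { IO_DISPLAY_ONLY, IO_DISPLAY_YESNO, IO_KEYBOARD_ONLY,
               IO_NONE, IO_KEYBOARD_DISPLAY } io_caps_t;

typedef enum { PAIR_LESC, TK_JUST_WORKS, TK_PASSKEY_ENTRY, TK_OOB } pair_method_t;

/* Hypothetical struct: the flags one side sends in its pairing request/response. */
typedef struct { bool lesc, mitm, oob; io_caps_t io; } sec_params_t;

static bool has_keyboard(io_caps_t io)
{
    return io == IO_KEYBOARD_ONLY || io == IO_KEYBOARD_DISPLAY;
}

/* Legacy Passkey Entry: someone must type, and neither side may be NoInputNoOutput. */
static bool passkey_possible(io_caps_t a, io_caps_t b)
{
    return a != IO_NONE && b != IO_NONE && (has_keyboard(a) || has_keyboard(b));
}

pair_method_t select_method(const sec_params_t *a, const sec_params_t *b)
{
    if (a->lesc && b->lesc) return PAIR_LESC;   /* LESC: no TK/STK at all */
    if (a->oob && b->oob)   return TK_OOB;      /* OOB on both sides is checked first */
    if ((a->mitm || b->mitm) && passkey_possible(a->io, b->io))
        return TK_PASSKEY_ENTRY;
    return TK_JUST_WORKS;                       /* unauthenticated fallback */
}

/* True when a side asked for MITM but legacy pairing can only offer Just Works,
 * i.e. the resulting key would be unauthenticated. */
bool mitm_unmet(const sec_params_t *a, const sec_params_t *b)
{
    return (a->mitm || b->mitm) && select_method(a, b) == TK_JUST_WORKS;
}

int main(void)
{
    /* Constructed sample: legacy pairing, both sides set MITM and OOB. */
    sec_params_t phone  = { false, true, true, IO_KEYBOARD_DISPLAY };
    sec_params_t sensor = { false, true, true, IO_NONE };
    printf("method=%d mitm_unmet=%d\n",
           select_method(&phone, &sensor), mitm_unmet(&phone, &sensor));
    return 0;
}
```

A device that requires MITM protection should treat the `mitm_unmet` case as a reason to reject the pairing rather than accept the Just Works key.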

  • What happens if I set both SEC_PARAM_MITM and SEC_PARAM_OOB to 1?

    What do both devices use for generating TK?

    Is this a violation of the BLE spec?
