Merge branch 'bugfix/btdm_master_dont_send_pair_req_#13686' into 'master'

component/bt: Fix the bug of master don't send pair request to the slave when the sec_act set to the value of ESP_BLE_SEC_ENCRYPT.

See merge request !1376

components/bt/bluedroid/api/include/esp_gap_ble_api.h

@@ -179,10 +179,20 @@ typedef enum {
 
 /* relate to BTA_DM_BLE_SEC_xxx in bta_api.h */
 typedef enum {
-    ESP_BLE_SEC_NONE = 0,               /* relate to BTA_DM_BLE_SEC_NONE in bta_api.h */
-    ESP_BLE_SEC_ENCRYPT,                /* relate to BTA_DM_BLE_SEC_ENCRYPT in bta_api.h */
-    ESP_BLE_SEC_ENCRYPT_NO_MITM,        /* relate to BTA_DM_BLE_SEC_ENCRYPT_NO_MITM in bta_api.h */
-    ESP_BLE_SEC_ENCRYPT_MITM,           /* relate to BTA_DM_BLE_SEC_ENCRYPT_MITM in bta_api.h */
+    ESP_BLE_SEC_ENCRYPT = 1,            /* relate to BTA_DM_BLE_SEC_ENCRYPT in bta_api.h. If the device has already
+                                           bonded, the stack will used LTK to encrypt with the remote device directly.
+                                           Else if the device hasn't bonded, the stack will used the default authentication request
+                                           used the esp_ble_gap_set_security_param function set by the user. */
+    ESP_BLE_SEC_ENCRYPT_NO_MITM,        /* relate to BTA_DM_BLE_SEC_ENCRYPT_NO_MITM in bta_api.h. If the device has already
+                                           bonded, the stack will check the LTK Whether the authentication request has been met, if met, used the LTK
+                                           to encrypt with the remote device directly, else Re-pair with the remote device.
+                                           Else if the device hasn't bonded, the stack will used NO MITM authentication request in the current link instead of
+                                           used the authreq in the esp_ble_gap_set_security_param function set by the user. */
+    ESP_BLE_SEC_ENCRYPT_MITM,           /* relate to BTA_DM_BLE_SEC_ENCRYPT_MITM in bta_api.h. If the device has already
+                                           bonded, the stack will check the LTK Whether the authentication request has been met, if met, used the LTK
+                                           to encrypt with the remote device directly, else Re-pair with the remote device.
+                                           Else if the device hasn't bonded, the stack will used MITM authentication request in the current link instead of
+                                           used the authreq in the esp_ble_gap_set_security_param function set by the user. */
 }esp_ble_sec_act_t;
 
 typedef enum {

components/bt/bluedroid/stack/btm/btm_ble.c

@@ -1417,7 +1417,7 @@ tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, void *p_ref_data, UINT8 lin
 
     switch (sec_act) {
     case BTM_BLE_SEC_ENCRYPT:
-        if (link_role == BTM_ROLE_MASTER) {
+        if (link_role == BTM_ROLE_MASTER && (p_rec->ble.key_type & BTM_LE_KEY_PENC)) {
             /* start link layer encryption using the security info stored */
             cmd = btm_ble_start_encrypt(bd_addr, FALSE, NULL);
             break;
@@ -1426,7 +1426,7 @@ tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, void *p_ref_data, UINT8 lin
        sec_request to request the master to encrypt the link */
     case BTM_BLE_SEC_ENCRYPT_NO_MITM:
     case BTM_BLE_SEC_ENCRYPT_MITM:
-        if (link_role == BTM_ROLE_MASTER) {
+        if ((link_role == BTM_ROLE_MASTER) && (sec_act != BTM_BLE_SEC_ENCRYPT)) {
             auth_req = (sec_act == BTM_BLE_SEC_ENCRYPT_NO_MITM)
                        ? SMP_AUTH_GEN_BOND : (SMP_AUTH_GEN_BOND | SMP_AUTH_YN_BIT);
             btm_ble_link_sec_check (bd_addr, auth_req, &sec_req_act);