Hi, i am implementing the AES-GCM mode.
And I need to implement the GHASH function based on this equation: GHASH(H,A,C)=Xm+n+1
where H is a string of 128 zeros encrypted using the block cipher, A is data which is only authenticated (not encrypted), C is the ciphertext, m is the number of 128 bit blocks in A, n is the number of 128 bit blocks in C (the final blocks of A and C need not be exactly 128 bits), and the variable Xi for i = 0, ..., m + n + 1.
Xi=
{ 0 for i=0
(Xi-1 XOR Ai) * H for i=1,...,m-1
(Xm-1 XOR (Am||0^128-v))*H for i=m
(Xm-1 XOR Ci-m)*H for i=m+1,...,m+n-1
(Xm-1 XOR (Cm||0^128-u))*H for i=m+n
(Xm+n XOR (len_A||len_C)))*H for i=m+n+1

where v is the bit length of the final block of A, u is the bit length of the final block of C, and || denotes concatenation of bit strings. Note that this is an iterative algorithm: each Xi depends on Xi-1, and only the final Xi is retained as output.

But I have some difficulties in coding the part whereby I have to do the concatenation of the block A with a bit string of zeros from v to 128 bits.
Anyone can help me?