November 27th, 2013, 11:02 AM

Implementing GHASH in 128-bit AES-GCM
Hi, I am implementing the AES-GCM mode.
And I need to implement the GHASH function based on this equation: GHASH(H,A,C) = X_{m+n+1}
where H is a string of 128 zeros encrypted using the block cipher, A is data which is only authenticated (not encrypted), C is the ciphertext, m is the number of 128-bit blocks in A, n is the number of 128-bit blocks in C (the final blocks of A and C need not be exactly 128 bits), and the variable X_i for i = 0, ..., m + n + 1.
X_i =
{ 0 for i = 0
(X_{i-1} XOR A_i) * H for i = 1, ..., m-1
(X_{m-1} XOR (A_m || 0^{128-v})) * H for i = m
(X_{m-1} XOR C_{i-m}) * H for i = m+1, ..., m+n-1
(X_{m-1} XOR (C_m || 0^{128-u})) * H for i = m+n
(X_{m+n} XOR (len_A || len_C)) * H for i = m+n+1
where v is the bit length of the final block of A, u is the bit length of the final block of C, and || denotes concatenation of bit strings. Note that this is an iterative algorithm: each X_i depends on X_{i-1}, and only the final X_i is retained as output.
But I have some difficulties in coding the part whereby I have to do the concatenation of the block A with a bit string of zeros from v to 128 bits.
Can anyone help me?
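
The padding step asked about above, shown inside a complete GHASH as an added example (not code from the original post). It assumes A and C are byte strings, so v and u are multiples of 8, and it follows the GCM specification's recurrence, in which every step uses the previous value X_{i-1}. The names `gf_mult`, `pad_block` and `ghash` are illustrative, and the sample H and C are Test Case 2 of the McGrew-Viega GCM specification.

```python
R = 0xE1 << 120  # reduction constant for x^128 + x^7 + x^2 + x + 1 in GCM bit order


def gf_mult(x: int, y: int) -> int:
    """Multiply two 128-bit blocks in GF(2^128); the leftmost bit is bit 0."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:      # bit i of x, counted from the left
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def pad_block(block: bytes) -> bytes:
    """Return block || 0^(128-v): append zero bytes up to 16 bytes."""
    return block + b"\x00" * (16 - len(block))


def ghash(h: bytes, a: bytes, c: bytes) -> bytes:
    """GHASH(H, A, C) for byte-aligned A and C."""
    h_int = int.from_bytes(h, "big")
    x = 0                              # X_0 = 0
    for data in (a, c):                # all blocks of A first, then all blocks of C
        for off in range(0, len(data), 16):
            # Only the last slice can be short; pad_block leaves full blocks unchanged.
            block = pad_block(data[off:off + 16])
            x = gf_mult(x ^ int.from_bytes(block, "big"), h_int)
    # Final block: len(A) || len(C), each a 64-bit big-endian bit count.
    lengths = (8 * len(a)).to_bytes(8, "big") + (8 * len(c)).to_bytes(8, "big")
    return gf_mult(x ^ int.from_bytes(lengths, "big"), h_int).to_bytes(16, "big")


# Sample input: GCM specification Test Case 2 (all-zero key, empty A).
H_TC2 = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")
C_TC2 = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")

if __name__ == "__main__":
    print(ghash(H_TC2, b"", C_TC2).hex())
    # Constructed input: a 3-byte A, so the final block of A has v = 24.
    print(ghash(H_TC2, b"\x01\x02\x03", C_TC2).hex())
```

Because the true bit lengths go into the last block, a short A and the same A with explicit zero bytes appended produce different GHASH values. The bit-by-bit multiply branches on data and is not constant-time, so it is for checking an implementation against test vectors rather than for production use.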