Galois Counter Mode $($GCM$)$ provides authentication using GHASH unit. Suppose we get the

polynomial for the $128-$bit hash subkey $(H)$ as: $H(x)=x^{27}+x^{25}+x^{20}+x^4+x+1.$ Also, as you know,

the irreducible polynomial for GCM is: $P(x)=x^{128}+x^7+x^2+x+1.$ Find the polynomial

representing $(x)=(M_1*H+M_2)*HmodP(x)$ assuming the two $128-$bit input blocks to GHASH

are as follows: $M_1=x^{89}+x^{23}+x^{10},M_2=x^{93}+x^{24}+x^{10}+x.$

$(x)=(M_1*H+M_2)*Hmodp(x)$ is what you have to derive in $GF(2^{128})$ after reduction. This is a very

simple calculation which is done in practice thousands of times for eventually deriving a tag.