
I would like to let the receiver have the ability to check the sender's authenticity when he gets the message.

Also, I want to protect the message's confidentiality and integrity.

Should I use AES-GCM + HMAC or just AES-GCM?

I heard AES-GCM provides message authentication using GHASH. But GHASH is not a MAC, so I am confused how AES-GCM achieves message authentication.


> Should I use AES-GCM + HMAC or just AES-GCM?

Just AES-GCM is fine - GCM includes the integrity protection.

> I heard AES-GCM provides message authentication using GHASH. But GHASH is not a MAC, so I am confused how AES-GCM achieves message authentication.

GHASH is indeed not a MAC - it is a universal hash. However, because the output of GHASH is xor'ed with the output of AES (based on the nonce), that is indeed a MAC (a Carter-Wegman MAC), and so provides the integrity protection you are looking for. That is, if the adversary makes any modification to the ciphertext, then (assuming AES is strong and the sender never encrypts two different messages with the same nonce) the modification will be detected with provably high probability.

Note: there are details I glossed over - not every universal hash xor'ed with per-packet secret data is a secure MAC. If you want to dig deeper into the theory behind GCM (and Poly1305, which works similarly), submit another question.

poncho
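The construction the answer describes, tag = GHASH_H(A, C) XOR E_K(J0), worked through with real numbers as an added example (not part of the answer above). GHASH is implemented here from the GCM specification's GF(2^128) multiply; the two AES outputs it needs, H = E_K(0^128) and the per-nonce mask E_K(J0), are taken as constants from the public GCM test case 2 (AES-128, zero key, zero 96-bit IV, one zero plaintext block), so the block runs without any AES library. The `verify` helper and the tampering check at the bottom are this example's own additions.

```python
"""
GCM authentication tag as a Carter-Wegman MAC:
    tag = GHASH_H(A, C) XOR E_K(J0)
GHASH is the universal hash (keyed by H = E_K(0^128)); the XOR with the
nonce-derived block E_K(J0) is what turns it into a MAC.
The H, E_K(J0), ciphertext and tag constants below come from GCM test case 2.
"""
import hmac

# Reduction constant for x^128 + x^7 + x^2 + x + 1 in GCM's bit ordering:
# first byte 0xE1 followed by 120 zero bits.
R = 0xE1 << 120


def gf128_mul(x: int, y: int) -> int:
    """Multiply two field elements in GCM's GF(2^128).
    GCM numbers bits so that bit 0 is the MOST significant bit of the first
    byte, so 'bit i of y' is (y >> (127 - i)) and 'multiply by x' is a right shift."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:
            z ^= v
        # v = v * x; if the rightmost bit falls off, reduce with R
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def ghash(h: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    """GHASH_H(A, C): zero-pad A and C to 16-byte blocks, append the 64-bit
    bit-lengths of A and C, and absorb each block as Y_i = (Y_{i-1} XOR X_i) * H."""
    def pad16(b: bytes) -> bytes:
        return b + b"\x00" * (-len(b) % 16)

    data = pad16(aad) + pad16(ciphertext)
    data += (len(aad) * 8).to_bytes(8, "big") + (len(ciphertext) * 8).to_bytes(8, "big")
    hk = int.from_bytes(h, "big")
    y = 0
    for i in range(0, len(data), 16):
        y = gf128_mul(y ^ int.from_bytes(data[i:i + 16], "big"), hk)
    return y.to_bytes(16, "big")


def gcm_tag(h: bytes, ek_j0: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    """Carter-Wegman step: mask the universal-hash output with the per-nonce
    secret block E_K(J0). Without this XOR the tag would be just GHASH, which
    is not a MAC on its own."""
    return bytes(a ^ b for a, b in zip(ghash(h, aad, ciphertext), ek_j0))


def verify(h: bytes, ek_j0: bytes, aad: bytes, ciphertext: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(gcm_tag(h, ek_j0, aad, ciphertext), tag)


# GCM spec test case 2: AES-128, K = 0^128, IV = 0^96, P = 0^128, A = empty.
H     = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")  # E_K(0^128)
EK_J0 = bytes.fromhex("58e2fccefa7e3061367f1d57a4e7455a")  # E_K(IV || 0^31 || 1)
C     = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")  # ciphertext block
TAG   = bytes.fromhex("ab6e47d42cec13bdf53a67b21257bddf")  # published tag

if __name__ == "__main__":
    print("GHASH_H(C)      =", ghash(H, b"", C).hex())
    print("tag matches spec:", gcm_tag(H, EK_J0, b"", C) == TAG)
    # Flip one bit of the ciphertext: GHASH changes, so the tag no longer verifies.
    tampered = bytes([C[0] ^ 0x01]) + C[1:]
    print("tampered accepted:", verify(H, EK_J0, b"", tampered, TAG))
```

Two things the numbers make visible: the tag is literally the GHASH output XOR the AES block, and any change to the ciphertext (or to the associated data) changes the GHASH input and so the recomputed tag. The mask E_K(J0) depends on the nonce, which is why the answer's caveat about never reusing a nonce under the same key matters: the same mask would be applied to two different GHASH outputs.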