The function of GCM in which the plaintext is encrypted into the ciphertext, and an authentication tag is generated on the AAD and the ciphertext.
Source(s):
NIST SP 800-38D
under Authenticated Encryption