Thank you so much for reaching out to wolfSSL support. You are asking some pretty advanced questions about the use of GCM, can you share details about what it is you are working on and what the product is and will do? If you can not share on the public forum this would be a good candidate to send to our support [at] wolfssl [dot] com domain.
Just a high-level overview:
wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
const byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz)
A call to AesGcmEncrypt might look like this:
wc_AesGcmEncrypt( aes, out, in, inSz, iv, ivSz,
The authTag is computed by the algorithm and is an OUTPUT.
In 99.9% of use-cases authIn is not set or ever used.
The only time authIn is used is when GCM is used like a block cipher and the authTag OUTPUT from a previous call is passed BACK in as an INPUT so it can be updated in subsequent calls.
I am not sure what you mean when you say "authentication vector" unless you are referring to the authIn I mentioned above which is not typically set (IE its' set to NULL and the length is 0 in most cases and always on the first call to GCM Encrypt or Decrypt).