It's not HMAC SHA, it's just a regular SHA. The problem is that the SHA1 has to be base64 encoded from the binary contents, not the hex representation. In other words, it's not as simple as:

$encode($sha1(%WEBSOCKET_KEY $+ 258EAFA5-E914-47DA-95CA-C5AB0DC85B11),m)

You actually have to build a binary string based on the hex representation that $sha1 returns and $encode that.

Here you go:

Code:
alias sha1binb64 {
  var %i = 1, %sha1 = $sha1($1), %len = $len(%sha1)
  while (%i < %len) {
    bset &sha1 $calc((%i + 1) / 2) $base($mid(%sha1, %i, 2), 16, 10)
    inc %i 2
  }
  noop $encode(&sha1, mb)
  return $bvar(&sha1, 1-).text
}


Usage:

Code:
//echo -a $sha1binb64(x3JJHMbDL1EzLkh9GBhXDw==258EAFA5-E914-47DA-95CA-C5AB0DC85B11)


Returns "HSmrc0sMlYUkAGmm5OPpG2HaGWk=" as per Wikipedia's description of the WS handshake.