You might want to read the Oauth spec:
The oauth signature is generated from the very params you use in the base string (request URI) using the algorithm you listed there (in this case HMAC-SHA1).
We also have a testing tool here:
..as well as another discussion on Oauth flow here:
you use your consumer secret to generate the oauth_signature and you append it to your base string so our servers can verify this request is legitimate.