How to replicate openssl command decrypting cms file

Question

I have tried decrypting a CMS file in Go, but have been unable to do so. The command I'm using to decrypt it via openssl is openssl cms -decrypt -inform DER -recip X -inkey Y. This works nicely and the file is decrypted correctly. At the moment I'm using os/exec in Go to decrypt it using this same command, but I expect there is some library that could perform the same functionality. However I've been able to figure out how that's done.

I have tried using the pkcs7 to decrypt, but without success, though I suspect this package is the correct one. My current attempt:

pkey, _ := ioutil.ReadFile(privKeyLoc)

//decrypt attempt 1
pk_obj, _ := pkcs7.Parse(data)
_, err := pk_obj.DecryptUsingPSK(pkey)
//err = "pkcs7: content data is a decryptable data type"

//attempt 2
rs, _ := ssh.ParseRawPrivateKey(pkey)
crt, _ := tls.LoadX509KeyPair(pubKeyLoc, privKeyLoc)
x509cert, _ := x509.ParseCertificate(crt.Certificate[0])
_, err = pk_obj.Decrypt(x509cert, rs.(crypto.PrivateKey))
//err = "crypto/rsa: decryption error"

Answer 1

The problem turned out to be that the mozilla pkcs7 library has very limited support when it comes to key decryption and used 'rsa.DecryptPKCS1v15' no matter what the pkcs7 object key algorithm identifier was. My key was encrypted using id-RSAES-OAEP, for which 'rsa.DecryptOAEP' must be used. My solution was forking the library and updating the Decrypt function to check which algorithm is used and using DecryptOAEP when applicable.