
Now it's possible for someone to ask the server to sign a blob that they only know the hash of. Is that an issue in your threat model? No idea.

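The question in that comment, as an added illustration (not code from the commenter): a service whose signing endpoint accepts a client-supplied digest can only attest "I signed these 32 bytes", never what document those bytes stand for, so it cannot apply a content policy or keep a meaningful audit record. One common way to keep that in the threat model is domain separation: tag the two kinds of signature differently so a digest-only signature can never be mistaken for one over content the service actually inspected. The key, the tag strings and the `no_shell_scripts` policy are all constructed for this example; HMAC stands in for a real private-key signature.

```python
import hashlib
import hmac

# Constructed key for the example; a real service would hold a private signing key.
SERVICE_KEY = b"example-signing-key-not-for-real-use"

# Purpose tags (domain separation): the signature records what the service saw.
TAG_DIGEST_ONLY = b"digest-only-v1:"
TAG_INSPECTED = b"inspected-content-v1:"


def _sign(tag: bytes, digest: bytes) -> bytes:
    # HMAC stands in for an asymmetric signature; the tag is bound into the MAC.
    return hmac.new(SERVICE_KEY, tag + digest, "sha256").digest()


def sign_digest(digest: bytes) -> bytes:
    """The endpoint from the comment: the caller sends only a hash.

    The service never sees the content, so it can neither inspect it nor log
    what was signed; the tag makes that limitation visible in the signature.
    """
    if len(digest) != hashlib.sha256().digest_size:
        raise ValueError("expected a SHA-256 digest")
    return _sign(TAG_DIGEST_ONLY, digest)


def sign_content(content: bytes, policy) -> bytes:
    """The service hashes the content itself and can apply policy first."""
    if not policy(content):
        raise PermissionError("content rejected by signing policy")
    return _sign(TAG_INSPECTED, hashlib.sha256(content).digest())


def verify(sig: bytes, content: bytes, tag: bytes) -> bool:
    """Verify a signature over content under a specific purpose tag."""
    expected = _sign(tag, hashlib.sha256(content).digest())
    return hmac.compare_digest(sig, expected)


def no_shell_scripts(content: bytes) -> bool:
    # Hypothetical policy: refuse to sign anything that looks like a script.
    return not content.startswith(b"#!")


def demo() -> dict:
    """Run both paths and report which checks pass (used by the self-test)."""
    content = b"release-notes: nothing unusual here"
    digest = hashlib.sha256(content).digest()

    digest_sig = sign_digest(digest)
    content_sig = sign_content(content, no_shell_scripts)

    try:
        sign_content(b"#!/bin/sh\necho hi\n", no_shell_scripts)
        policy_rejected = False
    except PermissionError:
        policy_rejected = True

    return {
        # A digest-only signature verifies as such...
        "digest_sig_ok_as_digest_only": verify(digest_sig, content, TAG_DIGEST_ONLY),
        # ...but never passes as an "inspected content" signature.
        "digest_sig_passes_as_inspected": verify(digest_sig, content, TAG_INSPECTED),
        "content_sig_ok_as_inspected": verify(content_sig, content, TAG_INSPECTED),
        "policy_rejected_script": policy_rejected,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Whether the digest-only endpoint is acceptable is still a threat-model decision; the tag just stops a signature obtained that way from being presented downstream as if the service had vetted the content.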

I feel threat modelling is the really difficult part in gluing together known-good crypto parts into a solution.

I've glued together crypto library calls a few times, and I've implemented RFCs when I've done so, like HKDF[1].

But that isn't enough if the solution I've chosen can easily be thwarted by some aspect I didn't even consider. No point in having a secure door lock if there's an open window in the back.

[1]: https://www.rfc-editor.org/rfc/rfc5869



